I'm trying to block my ISP from scanning port 25 and seeing a SMTP mail
server using my Win2K SP4 server's IPSEC policies.

I suspect they scan using an IP address in the following address range: - (CIDR=
( see http://ws.arin.net/whois/?queryinput= )

When I try to enter in this subnet, as IP=, mask=, in
the IPSec Policy editor's rule/IP filter list/filter properties, I get an
"This is an invalid mask for the specified IP address."

How do I pull this off for Class B ranges above