We are having many NTP, DNS and Chargen style UDP base IP Fragmentation attack, In short they send packet with MF (More Fragment) bit set. I want to drop all packet entering in my router. How do i stop this kind of attack with ACL? I heard somewhere ACL has fragments option but not sure what it will do and how i can build my with this option?