i dont know if it helps at all but i did notice this in the tcpdump output last night.
Code:
rule2/(match) block in on xl1: 192.168.0.1.500 > 192.255.255.255.500: RIPv2-resp[items 1] : {192.168.1.0/255.255.255.9}(1)
Since 192.168.1.0 doesnt exist on my network I am guessing that this is his network. Even though this is a blocked rule, is there any indication here that would show how to block attacks like this?