Whoever launched this attack was forging IP addresses inside our network.  I’ve added a firewall rule blocking inside addresses from originating on the external router interface.  This should prevent this type of attack in the future.