We have DNS serve with the conduit below open , however someone used our DNS server to do ftp... conduit permit udp host x.x.1.42 eq domain any I am relatively new to PIX. I have concerns regarding our security and am in the process of learning an cleaning some conduits in my config. According to PIX documentation , the commands below offer additional security,. Is it a good idea to enable these commands, and would they provide extra level of security, whats the tradeoff of enablilng them ? no sysopt security fragguard no sysopt connection enforcesubnet no sysopt connection timewait sysopt connection tcpmss 1460 Are ther other commands that could help to tweak up security on a general... Mo Durrani IS&T WYSE\EDS phone:408-473 1246 [EMAIL PROTECTED] [EMAIL PROTECTED] _________________________________ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]