When using the established key word at the end of an ACL statement, are there any security risks? Can the ACK or RST flag in a segment header be set from a source terminal to trick the ACL, making it look like the segment is responding to a request? If so, I would think that anything that received the segment would ignore it. Any thoughts? Phyrz Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=17297&t=17297 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]