Hi,

Here is a little food for thought. Recently one of the most common questions I am asked is "how can I reduce port scanning down my link". Almost invariably the clients have a network being advertised down their link with a number of addresses far exceeding those being used. In a number of cases a /24 is being advertised with 2 or 3 devices on the network.

Cutting down the size of the networks to what is required to successfully run your business will significantly reduce unwanted traffic. In the example above some 255 (including the broadcast) addresses are being scanned. Reducing the size of the network to a /29 reduces the scan size to 7. This has a significant effect in two ways: the traffic coming down the link in an attempt to find the box, and the ICMP reply to say it is not there. With some of the viruses about, the total effect can be amazing.

I have had clients thinking their users were all going via a proxy and the proxy being the only device going out on the net. The complaint was a constant meg of data going down the link and this data was not being seen by the proxy. Access lists were hard for the client to maintain (the device at his end and/or the expertise required). I had them reduce the size of the network from some 255.255.254.0 subnet mask to 255.255.255.248. Instantly his traffic dropped by in excess of 800K per/s. He was able to find the culprit and control his traffic far better.

This is not for all but food for thought.

Teunis
Hobart, Tasmania
Australia

--
www.tasmail.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20853&t=20853
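The right-sizing argument in the post above, as an added example that is not part of the original message: given the advertised prefix and the addresses actually in use, it finds the smallest subnet that still holds every host and compares the scannable address count before and after. The function names are hypothetical, the addresses are constructed from the 192.0.2.0/24 documentation range, the code is IPv4 only, and addresses are counted the way the post counts them (everything except the network address, broadcast included).

```python
import ipaddress


def smallest_covering_subnet(advertised, in_use):
    """Smallest IPv4 subnet of `advertised` in which every in-use
    address is a usable host (not the network or broadcast address)."""
    net = ipaddress.ip_network(advertised)
    hosts = [ipaddress.ip_address(h) for h in in_use]
    if not hosts:
        raise ValueError("no in-use addresses given")
    for h in hosts:
        if h not in net:
            raise ValueError(f"{h} is outside the advertised network {net}")
    # Try the longest prefix first (/30) and widen until every host fits.
    for prefix in range(30, net.prefixlen - 1, -1):
        cand = ipaddress.ip_network(f"{hosts[0]}/{prefix}", strict=False)
        edges = (cand.network_address, cand.broadcast_address)
        if all(h in cand and h not in edges for h in hosts):
            return cand
    return net  # nothing smaller works; keep the advertised prefix


def scan_surface(network):
    """Addresses a sweep of the advertised range will hit: all but the
    network address, broadcast included (the post's way of counting)."""
    return ipaddress.ip_network(network).num_addresses - 1


def right_size(advertised, in_use):
    """Summarise the change in scannable addresses from right-sizing."""
    suggested = smallest_covering_subnet(advertised, in_use)
    return {
        "advertised": str(ipaddress.ip_network(advertised)),
        "suggested": str(suggested),
        "netmask": str(suggested.netmask),
        "scanned_before": scan_surface(advertised),
        "scanned_after": scan_surface(suggested),
    }


if __name__ == "__main__":
    # Constructed sample: a /24 advertised with three devices on it.
    sample_hosts = ["192.0.2.1", "192.0.2.2", "192.0.2.3"]
    for key, value in right_size("192.0.2.0/24", sample_hosts).items():
        print(f"{key:15} {value}")
```

Hosts that sit far apart in the advertised range force a wide covering subnet, so renumbering them into one contiguous block is what makes the reduction possible.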