Thanks for all the help earlier. Just to followup, I have had an offline discussion on the UNREACHABLE, ICMP idea and the last ARP hop was a show stopper, (security we could deal with). I have some archives to read and catch up on as well as some more linux kernel hacking/testing to do. If anyone hears of a linux port for Jeff's BSD SYN patch, please email please let me know. Otherwise, I may get to it, but next week I'm out-of-town most of the week and will not have the pleasure of a kernel to hack. Thanks for the great posts and remarkably constructive comments. It was impressive, to me, to watch the transition from last week when, if you recall, someone implied that a kernel fix was 'impossible', to seeing numerous excellent approaches within a few days, in particular Vernon's and Jeff's; however there must be others. In times of a crisis, it is impressive to see how humans put their differences aside and work together. I know that my 'innovative' idea for a predictive firewall algorithm was far fetched compared to the much easier and workable kernel adjustments under test. Also, the ICMP UNREACHABLE fix has merit, but to fix all the things required to 'make it work' (almost everything, it seems) seem orders of magnitude less attrative than the other idea factories at work out there. Best Regards, Tim