Hello, To help quench the effects of smurf attacks on our network, we CEF-CAR all ICMP on our egress points to about 200% of normal ICMP flows. However, when a upstream becomes full of ICMP (even though we dump most of it), it still affects our external connectivity. My question is, why don't larger upstream providers use CEF-CAR (assuming that most use this) do the same to limit the effect of smurf attacks on thier (and subsequently, thier customers') networks? The floor is open for flames. -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Atheism is a non-prophet organization. I route, therefore I am. Alex Rubenstein, alex@nac.net, KC2BUO, ISP/C Charter Member Father of the Network and Head Bottle-Washer Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834 Don't choose a spineless ISP; we have more backbone! http://www.nac.net -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --