Im curious if anyone knows of the "milk" attack. Our network was just slammed by such an attack for about an hour all aimed at one of our core routers. A "sh ip cache x.x.x.x x.x.x.x fl" on it showed this: SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts B/Pk Active Fa0/0 208.10.5.2 Local X.X.X.X 11 0498 0017 164K1028 985.3 except from 10 to 15 hosts all nailing us at the same time. The protocol as you see is "11" which I have been unable to find information about. There was no way to filter it and access-lists denying protocol "11" showed 0 matches. Anyone have any ideas? -- \\|// -(@ @)- ==oOO==(_)==OOo========================================================= Steven Nash snash@lightning.net l i g h t n i n g i n t e r n e t s e r v i c e s l l c Chief Backbone Engineer -- Network Engineering http://www.lightning.net