On Thu, Jun 18, 1998 at 10:16:38PM -0700, Vern Paxson wrote: ==>> 0.0.0.0 ==>> 10.0.4.0 ==>> 127.0.0.0 ==>> 255.255.255.0 ==> ==>These are pretty cool, I must say. Exactly how does the smurf attacker ==>route their echo requests to them? For 0.0.0.0 and 255.255.255.255 (common responses to the echo requests), it's usually due to some network devices which don't check to see if they have a proper IP address before responding. i.e., someone didn't configure their printer with an IP address but it replies anyway. For 127.0.0.1, I generally see this when a UNIX box is the router which forwards the directed-broadcast--it replies to itself with a packet from 127.0.0.1, which is also broken. 10.0.4.0 is certainly interesting, and probably is due to two IP subnets being run on the same wire. /cah