No doubt this will come up in Ann Arbor, and I'm about to put up a web page about the SYN attack and the aftermath, so I'd like anyone who is now doing filtering of customer packets for spoofed IPs to send me a note. If you have a plan in the works to do so but haven't yet, I'd like to hear about that too. So far I know that these companies are filtering: Panix Net Access Compuserve Erol's Someone from ANS (not Curtis) told me that he thought ANS was doing it, but he wasn't sure and would get back to me. I've heard back from a few more significant players, mostly very encouraging stuff, but I am respecting people's requests not to announce anything publically yet. Send me a note if you're doing filtering. If you've done so sometime in the last six weeks and I've forgotten you, I apologize, but things here have been pretty insane... /a --- Alexis Rosen Owner/Sysadmin, PANIX Public Access Unix & Internet, NYC. alexis@panix.com