-->
-->> circuit, so that's not too bad a problem there.
-->>
-->> > At the single homed connection a router option to reverse the sense of
-->> > the forwarding table on a specific interface (look up the source in
-->> > the forwarding table and only accept if the source is reachable
-->> > through that next hop) seems to be an effective preventative that could
-->> > be easily just "switched on".
-->>
-->> A very good idea.
-->If CISCO'll hear it -:)!
-->
-->
-->
-->>
-->> Perry
-->>

That sounded like a good idea until I considered asymmetric routing. You are assuming the router always knows how to get back to its source, but on the contrary, this router may not know how to get back to the source. If you're routing traffic inbound to your organization one way and outbound traffic goes another, then this option might unnecessarily block traffic. Consider also what this would do during an unstable situation. Traffic is already slow enough when a router is unstable because it may not know how to get to the destination, but if you throw in the requirement that it has to know how to get to the source as well, didn't you just help the hacker by shutting down service for lots of people?

--
-------------------------------------------
| Jeremy Hall      Network Engineer       |
| ISDN-Net, Inc    Office +1-615-371-1625 |
| Nashville, TN and the southeast USA     |
| jhall@isdn.net   Pager +1-615-702-0750  |
-------------------------------------------
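
The reverse-sense forwarding check proposed in this thread, together with the asymmetric-routing and route-instability cases raised in the reply, as an added Python example that is not part of the original messages. The `Router` class, the interface names and the documentation-range prefixes are constructed for illustration.

```python
import ipaddress

class Router:
    """Toy router: forwarding table maps prefixes to outgoing interfaces."""
    def __init__(self):
        self.fib = {}

    def add_route(self, prefix, iface):
        self.fib[ipaddress.ip_network(prefix)] = iface

    def withdraw(self, prefix):
        self.fib.pop(ipaddress.ip_network(prefix), None)

    def lookup(self, addr):
        """Longest-prefix match; returns an interface, or None if no route."""
        ip = ipaddress.ip_address(addr)
        matches = [n for n in self.fib if ip in n]
        if not matches:
            return None
        return self.fib[max(matches, key=lambda n: n.prefixlen)]

    def accept(self, src, in_iface):
        """Reverse-sense check: accept only if the route back to the
        source points out the interface the packet arrived on."""
        return self.lookup(src) == in_iface

def single_homed():
    # Constructed case: the customer's only link is cust0.
    r = Router()
    r.add_route("192.0.2.0/24", "cust0")
    r.add_route("0.0.0.0/0", "upstream0")
    return {"legit": r.accept("192.0.2.10", "cust0"),
            "spoofed": r.accept("203.0.113.7", "cust0")}

def asymmetric():
    # Inbound traffic arrives on peerA, but the best route back is via peerB.
    r = Router()
    r.add_route("198.51.100.0/24", "peerB")
    r.add_route("0.0.0.0/0", "peerA")
    return r.accept("198.51.100.5", "peerA")  # legitimate source, dropped

def unstable():
    # The route to the source is withdrawn while traffic is still arriving.
    r = Router()
    r.add_route("198.51.100.0/24", "peerA")
    before = r.accept("198.51.100.5", "peerA")
    r.withdraw("198.51.100.0/24")
    return before, r.accept("198.51.100.5", "peerA")

if __name__ == "__main__":
    print(single_homed(), asymmetric(), unstable())
```

On the single-homed interface the check drops only the spoofed source; in the asymmetric and unstable cases it drops packets whose source address is genuine.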