I have a question about the ip reverse-path verification. Obviously, it won't work very well in asymetric multi-homed environment. But, the usefullness could be there (even limitedly) if you could at least filter packets that have source address which does not exist in the routing table _at all_ (irregardless of ingress or egress interface). Is this something that could be implemented easily? -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Atheism is a non-prophet organization. I route, therefore I am. Alex Rubenstein, alex@nac.net, KC2BUO, ISP/C Charter Member Father of the Network and Head Bottle-Washer Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834 Don't choose a spineless ISP! We have more backbone! http://www.nac.net -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --