Apparently protocol 103 does not need to have a ttl of 0 or 1 when it hits the interface in order to cause the DoS ... Cisco has updated their advisory to reflect this (Version 1.9 now).. Just wanted to alert everyone... This makes the thought of some sort of virus causing this even more realistic.. no need to check ttl's, just fire away with protocol 103... Yikes... -- --------------------------- Jason H. Frisvold Backbone Engineering Supervisor Penteledata Engineering friz@corp.ptd.net RedHat Engineer - RHCE # 807302349405893 Cisco Certified - CCNA # CSCO10151622 MySQL Core Certified - ID# 205982910 --------------------------- "Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world." -- Albert Einstein [1879-1955]