Howdy, When our network is being smurfed, we can call our ISPs and have them setup an access list to block ICMP. That fixes the problem, but it creates another (obvious) problem. Could traffic shaping, or similar QoS configurations, be used to solve such issues in a more general way? For example, if my source of packet flooding is ICMP, then I'd like to be able to dedicate as much as 1/10th (e.g.) of the bandwidth of each link to ICMP. That's plenty of ICMP, but it's not so much that an attack using ICMP would be effective. My question, stated briefly, is this: can you solve generic homogenous-packet-flood problems with QoS and/or traffic shaping (if the two can be truly distinguished), in general? If so, are current routers capable of doing it? What would be the effect of doing so on dialup links and backbones? --- Mark R. Lindsey, mark@datasys.net Internet Engineering, DSS Online LLC Voice: 912.241.0607x200, Fax: 912.241.0190 (US)