I had a passing thought over the weekend regarding Thursday's cisco vulnerability and the recent Microsoft holes. The next worm taking advantage of the latest Windows' vulnerabilities is more or less inevitable. Someone somewhere has to be writing it. So why not include the cisco exploit in the worm payload? Based on past history, there will be plenty of vulnerable Windows hosts to infect with the worm. I would also guess that there are lots of organizations and end-users that have cisco devices that haven't patched their IOS. Furthermore, I wonder how many people have applied filtering only at their border? But packets from an infected host inside the network wouldn't be stopped by filtering applied only to the external side. Basically, if you're filtering access to your interface IP's rather than upgrading IOS, remember that the internet isn't the only source of danger to your network. Adam Maloney Systems Administrator Sihope Communications