I'm a little puzzled, and I hope people won't object to my asking about this. As I see it, we're experiencing an ever-increasing flood of garbage network traffic. While not all of it is easy or appropriate to target, it seems to me there's some "low hanging fruit" that could generate serious gains with relatively little investment. A few things that make sense to me (as a non-ISP network consultant) include: 1) Summarily fencing/sandboxing/disconnecting clients sending high volumes of spam, virii, etc. You might politely contact your commercial/static clients first, but anyone connecting a "bare" PC on a broadband circuit is too stupid to deserve coddling. The great majority of your clients would thank you profusely. So far as I can see, detection of serious abusers should pretty straightforward. It wouldn't require any pretense at spam or virus filtering, per se; just pick off the clients that are flagrant sources of the plague of the month. 2) Notwithstanding the above, would it really be so hard to trap network packets bearing clear signatures of the "plague of the month"? Sure, it would create an extra load on routers or require special filtering hardware, but wouldn't it be worth it? Again, no need to be comprehensive; just blast the ones that are easy pickings. 3) There was a thread a little while ago that talked about a way to cut down spam by simply restricting who you would accept SMTP traffic from. Unfortunately, I don't recall the details, but at the time it struck me as eminently sensible, and just required cooperation between ISPs to implement effectively. One problem for the average ISP would be the monitoring and updating of plague control infrastructure. It would probably be a lot easier with a bit of cooperation and sharing -- either that, or someone could get rich offering services to ISPs for a fee. By the way, can anybody explain to me a legitimate use for port 135/137 traffic across the Internet, like it's somebody's private LAN? Seems to me anybody who still thinks that's legitimate is living in the past. So, the big question: why don't ISPs do more of this? Are they afraid of client reaction? Doesn't wash, for me: most clients would be highly grateful, and all it really takes for the remainder is fair warning. Cost? Again, you can judge for yourselves how low the fruit you choose to pick; the biggest gains have the best ROI. Happy clients, liberated bandwidth, faster servers -- what's to loose? /kenw Ken Wallewein CDP,CNE,MCSE,CCA,CCNA K&M Systems Integration Phone (403)274-7848 Fax (403)275-4535 kenw@kmsi.net www.kmsi.net