Hi, getting Smurfing "under control" takes two things: o All router administrators on the immediately reachable Internet needs to turn off directed broadcasts on their router interfaces. It's conceivable that "a significant portion of all" would do as well, but the magnitude of this problem boggles the mind. First of all, we'd need to distribute the appropriate amount of clue to all the corners of the net where this needs to happen. Maybe, just maybe, we'll get there sometime (I'm an optimist!). o Making sure source IP address spoofing isn't as easily done as it is now. Also an easy one, right? ;-) Anyone have any idea where most of the attacks originate: dial-up ports or from folks more directly connected to the net? (I'd bet on a happy mix ;-) Equipment providers can offer some help here in offering an effective and efficient knob which can do the equivalent of "RPF"ing on unicast traffic (if you don't have a route back to the source and the route doesn't point to the incoming interface for the packet, drop it on the floor). Obviously, this assumes symmetric traffic patterns, which are typical at the edges of the network but not quite so typical in our/your modern backbone networks. o While we struggle with the above two, at least some service providers need to become more responsive in tracking these sort of events back to their real source. No names mentioned, none forgotten. o Lastly, I think that better tools are needed to track this sort of attacks back to their source (?). I'm not saying these battles should not be fought; far from it, but it's probably going to take a while before any of these can have any significant effect on the problem. - Håvard