This solution will be posted on CCO in the next day or so and will be referenced in the Cisco's Security Advisory as well. http://iponeverything.net/CodeRed.html You comments and thoughts are welcome - My thought is that this solution would really be useful on managed customer prem routers to block both inbound and more effectively outbound sessions to prevent code red infection. Please feel free to forward to customers. I will follow up with the official CCO release. Also policing and droping on conformance will work as well. Regards, Scott E. Frisby CCIE # 5059 Product Manager - NBAR Enterprise Solutions Engineering C i s c o S y s t e m s Voice: (408) 853-7018 Pager: 1-800-365-4578 Pager: 1-800-796-7363 p1032646 e-mail: sfrisby@cisco.com e-page: sfrisby@epage.cisco.com