You right that all BGP would do is block traffic to that network. But it does block *all* traffic to that network. Once the attack is started, it must either be stopped at the source, or by inbound packet filters. Not that I'm defending it as completely effective method, but presumably some of the customers of the smurfable network have the off-hours access numbers to the noc of the smurfing network, once they notice their connectivity to elsewhere is lost. Adding a route to a route filter at a high enough level ought to get some quick attention from the smurfing network operator. Especially if its their upstream that blocked them. Things actually break for them, as opposed to just higher network load. It also prevents your own disgruntled users from launching a smurf attack against other users on your net, since they won't be able to reach those networks. At least, not from your machines. Also, it will prevent a person from launching an attack if someone is filtering between them and the network. And it has the advantage of being automatically updated, once a change is made to the master list. And I think a route blackhole is probably faster than a permission list. Not positive, though. Anyway, I'll offer a site to host the list, and redistribute the list in hopefully convenient forms. Several people have already volunteered to help, so its up to you folks to ask for and/or implement convenient forms of distribution. Whether you want to block all ingress by hand, or just general connectivity by BGP or some other method is up to you. It is possible to do both, or neither. The important thing is to get a list and maintain it. I think we can dump the list into several different forms for distribution. --Dean ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Plain Aviation, Inc dean@av8.com LAN/WAN/UNIX/NT/TCPIP/DCE http://www.av8.com We Make IT Fly! (617)242-3091 x246 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++