How do most of you identify the latest type of DOS attack of the week? I know that some are usually more obvious than others and if you have exhisting filters it helps to narrow down some problems but other than seeing that ping times are in seconds the seconds and noticing that your pipe is hosed, how does one determine that it's a DOS attack when it's happening rather than say a bad piece of hardware. Is there anything that you all look for in particular. Does DOS Tracker tell you the type of attack that is being used? Other monitoring tools? -Pete --------------------- Peter Helmenstine --------------------------- WWW: http://marin.uoregon.edu/~pete E-mailto:pete@marin.uoregon.edu UofO Computing Center, Eugene, Or 97403 (541) 346-1629