So with all the noise about Code Red, and in the process of trying to recover from various attacks, I happened to try to ping www.microsoft.com. It's probably par for the course that this happens: Wed Aug 1 14:05:29 bross@ogre:~ $ ping www.microsoft.com PING www.microsoft.akadns.net (207.46.197.100): 56 data bytes 64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=37.5 ms 64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=41.2 ms (DUP!) 64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=42.8 ms (DUP!) 64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=43.9 ms (DUP!) 64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=45.0 ms (DUP!) 64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=46.1 ms (DUP!) 64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=47.3 ms (DUP!) 64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=48.4 ms (DUP!) 64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=49.5 ms (DUP!) 64 bytes from 207.46.197.100: icmp_seq=1 ttl=45 time=57.6 ms (DUP!) 64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=39.8 ms 64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=41.4 ms (DUP!) 64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=42.7 ms (DUP!) 64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=43.3 ms (DUP!) 64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=44.4 ms (DUP!) 64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=45.5 ms (DUP!) 64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=46.8 ms (DUP!) 64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=47.9 ms (DUP!) 64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=49.0 ms (DUP!) 64 bytes from 207.46.197.100: icmp_seq=2 ttl=45 time=51.6 ms (DUP!) 64 bytes from 207.46.197.100: icmp_seq=3 ttl=45 time=39.6 ms I find it interesting and almost amusing that MicroSoft's own web server can be used for amplification attacks. -- Brandon Ross 404-522-5400 EVP Engineering, NetRail http://www.netrail.net AIM: BrandonNR ICQ: 2269442 Read RFC 2644!