> > Why do folks always want to allow the simplest of DoS attacks?
> > <sigh>
>
> I'm sorry to hear that your opinion is to block ICMP. I know there are other
> people that have the same opinion but I also know a lot of people who don't
> agree with you. PING is a very handy tool.

Yes, PING is a very handy tool. It is also widely used for DoS attacks.

There is absolutely no reason in the world to allow ping into every interface on the internal network. One interface for test, yes.

There is absolutely no reason to allow every interface on the internal network to ping out. One interface for testing, yes.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com