Ran network monitor looking for high volume of packets coming from any particular network card. Found nothing. Next we changed to another IP address in our currently allocated block. No change in flooding. Asked for an allocation of different IP address block from ISP. Got run through the ringer by the ISP telling me that this was all my fault and that something on the internal network must be prompting this long list of machines in other countries to flood our network or that the firewall (non-ISA) is compromised. We're getting the new address block - he was supposed to deliver yesterday but didn't. I've already scanned each PC using spybot. I do not believe that there is anything internal causing this problem. Short of re-imaging every machine is there anything I can do to be certain? Amy