First of all, I know that I sometimes come off too harsh.

As you quoted "I do what I can, where I can with what I have," there are some things you could do to lessen the impact and spread of viruses. (I will save the need for a top-notch AV software for later.)

1. Block all ping packets, both inbound and outbound, on the ISA server. (I assume you are using ISA as your firewall since you are asking on the ISA list. If not, do this on whatever firewall or router you have. If you have no router or firewall under your control, the problems are deeper than can be addressed here.)

2. Keep systems updated. Take a look at SUS. In your situation, if I am reading between the lines correctly, you are the sole person responsible for upkeep on close to 1550 computers. You need to find resources that can help you do that job. SUS from MS is free, and does the job of passing out patches, and now service packs, very nicely. Yes, this is additional work to set up, but if you are in charge of that many computers, you need to use what resources are available, and this is a free one.

3. MS published the vulnerabilities that allowed computers to become infected with those viruses about a week or two before the viruses came out. You could have made sure there was no way the viruses could have come in through the Internet. That means blocking the ports that the viruses use. (I am not going to touch on laptops.) Again, one way to do this is to limit access to web-based e-mail (Yahoo, AOL, MSN, Hotmail, etc.) that can allow e-mail attachments to enter the network. Of course, there is software that can be used at the gateway to block web attachments as well.

4. You need to be more confident in stating your case to the powers that be. For example, have you had this conversation with your boss: "You do not want to spend money on this software that can help protect our network? And then what happens when the personal data on your workstation is broadcast to the Internet by a virus? Or then what if your hard drive is wiped out by a virus?"

Yes, I know, IT budgets are always the first to go. However, as you quoted, it is up to us to be resourceful.

Now, having said the above, I still cannot help but wonder about someone trying to figure out how to solve a problem with bandwidth saturation, partly due to outbound ping requests, when that person does not take a simple step to stop them.

As far as your DNS problems, it is much better to first solve the obvious problems, and then work from there. But, since I have now brought that up, have you done any of the items that I and others suggest when DNS problems arise? Things like making sure the forwarders are still working, checking that the DNS service (assuming MS DNS for an AD domain) is passing tests, and that all computers are configured with the correct DNS settings.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com

-----Original Message-----
From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx]
Sent: Monday, September 22, 2003 10:04 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Test for Internet Link availability

http://www.ISAserver.org

Hi John

I do appreciate your comments on all matters concerned. I would however like to defend myself a little if you don't mind.

A while ago I posted a question to the "Would AV plugin stop VPN infections?" thread asking people's comments on best antivirus programs, experiences, strategies etc. The reason I asked is because it is my experience that FSecure AntiVirus is always "behind the times", and viruses such as Nimda, CIH, Melissa and now lately Blaster, Nachi & Welchia do not appear to be blocked by FSecure as soon as they are made public knowledge. This obviously hampers my removal strategy as I then have to go and download removal tools from other websites, or even better, write my own code in my Login Script to hunt down and kill the infections.

With the information presented to you in my last thread I can understand your comment about me not belonging on this list, but for brevity's sake I did not wish to bore everybody with all my troubles & woes. Instead I try to get to the point quickly so that whosoever wishes to listen and comment constructively may do so.

As it remains, I am responsible for 1500 workstations and 40 Windows 2000 servers. Budgets are not always that lenient when it comes to spending on technology to improve existing strategies or embark on new ones, so to quote one of the great American Presidents:

"I do what I can, where I am, with what I have"

Thanks
William R.