On Mon, 27 Mar 1995, Paul Ferguson wrote: > Why not simply use a 'sane' implementation of ICMP class filtering, > such as offered in cisco IOS 10.3, to simply block specific classes > of ICMP traffic? I don't think you understand what he meant. He means detecting someone scanning your host. Say with strobe/iss/satan/tcp_probe etc.. look for ICMP port unreachable packets leaving your host. - Oliver