On Tue, Aug 07, 2001 at 11:13:15AM +1200, Philip Beckmann wrote: fair enough, but thru our netflow collector we find there is a large number of packets of 144bytes (apx 40,000 every 10 minutes) most of which our access-lists are dropping. We recall reading somewhere (but can't find it now to verify) that these packets were the initial probe sent prior to sending the "GET /default.ida?" query are you able to get a dump of these packets at all? oh, and are your ACLs logging too? this can make things _very_ expensive? (in fact, you you know people using logging for ACLs, you can trivially DoS almost any cisco) --cw --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog