Thanks to all for the replies so far. Here is a note from our Firewall admin on one of the suggestions. Any comments? Thanks Barry >Sorry Barry, but I disagree with that statement. We need to block >multiple icmp requests. Hackers can use it as a tool to scan other >services on the network. By blocking them after 4 attempts. We stop >them before they can discover more about the network. >MTU discovery on the internet is useless and bandwidth consuming. >MTU discovery should only be used on an ethernet network to determine >packet size on the network. >>Stop ICMP protocol is a bad idea on an IP network like internet. >> Just block echo request, but not the whole ICMP..... - [To unsubscribe, send mail to majordomo@lists.gnac.net with "unsubscribe firewalls" in the body of the message.]