Aaron Falk wrote: > I think one can make the case that having border protection may > prevent a DOS attack from consuming interior network resources and > allowing interior hosts to communicate amongst themselves. And if your interior network resources are less than 10x your external resource, you have an unusual network indeed. Yes it may be more convenient to have the border deal with DOS, but is it *required* as Noel asserted? > We've > recently had some fierce DOS attacks on our ISP but I'm still able to > run NFS without a problem. This is a good thing. NFS & 'good thing' are a matter of personal opinion. In any case if NFS has trouble running when it has less than 90% of the interior resource, one might have to question which set of packets should be defined as the DOS. Tony