Hmm, I think I have to disagree with that. While cutting out excessive bandwidth usage by broken boxes run by idiots may be/have been convenient, is blocking a port at the ISP level really the right way to "fix" things?

I figure I pay an ISP to provide me an internet connection. For that I expect them to route all IP packets to and from whatever IP they give me. When they make these decisions to stop doing that in little ways, here and there, then I don't have a true internet connection any longer.

The @home network, and now all the smaller cable networks, have always been annoying with their "no services" policy and their upstream bandwidth caps and with their "LAN with your neighbors" architecture and with their less-reliable-than-dialup connections, etc. etc. I remember when everybody used to block traffic from their silly scanning IP addresses and such at their firewalls. Everybody was being stealthy and running their services for the rest of the world to see, but not the 24. class A space.

The thing about that always was that @home could have watched the ports traffic was being routed in to. Move the ports around, and they can still set their IDS sensors to pick up on HTTP GET requests going inbound, SSH server banners going outbound, FTP server banners going outbound, etc. If they still have such silly, arbitrary policies, and they have the spare time to follow up on things, they can still see what's going on.

Blocking port 80 to protect everybody though, as opposed to enforcing their nonsense policies, is still bad. Why don't they start sniffing that same traffic and identify offenders on their own network? I'm sure many people on this list could supply them long lists of affected IP addresses (maybe not from your cablemodem experiences any longer, but from work, school, your sister's friend's server, etc.). Why don't they do something to clean up their own house, rather than hide the symptoms?

Basically, I'd rather have all the traffic. To have my ISP decide what traffic is good for me and what isn't, just stinks IMHO. The lunacy that ensues every month or two when yet another "m$ RAS feature" is introduced into the wild needs to be addressed, but not by the ISPs...at least not by simply blocking all traffic to certain ports.

Oh well, probably nobody cares, but I feel better for having whined a bit about it :)

Wes

> I would say that Cox did the right thing several months ago by blocking port
> 80. It stopped a S**tload of Code Red and Nimda infected systems from infecting
> the whole of Cox's network.