dunno, but i know this has been an issue since the rt314 product ( 1999-2000? ) a simple nmap -sS target trigers it external, and no supprise internal as well. ( not fun running pentests behind one of these babys ) i dont know if you noticed that existing connections dont appear to be affected ( IM and streaming traffic ) but dns generally gets hosed. my2bits, Donnie Werner http://exploitlabs.com