Folks, My ISP is <sigh> attbi.com. For a while now, I've been flooded with arp "who-has" requests... up to 20/second in spurts and 1-2/second sustained for hours. Most of the requesting boxes are various ATTBI.com routers or gateways, NOT client boxes. Based on what tcpdump is telling me, most of the requests are for a very limited range of tcp-ip addresses. Is anyone else seeing this? Can anyone offer an explaination for why ATT is making what looks very much like continous sweeps to keep their ip address mapping up to date? It almost looks like a DOS attack mounted by my ISP'idly, -S