I made a post earlier in the month about my concerns with 5.3 and I reffered to 2 of my servers having tcp lockups, but on the most problematic service I made some changes to the kernel and so far it has been running very good network wise. 9:26PM up 28 days, 1:01, 1 user, load averages: 0.16, 0.17, 0.16 FreeBSD 5.3-STABLE #0: Thu Feb 3 15:48:42 GMT 2005 Now the server is a celeron 2ghz realtek network card on a 100mbit connection, its average load is 1500 simultaneous connections, handles average sustained traffic of 0.5mbit-1mbit/sec and often has to burst to over 20mbit. During this time it has also taken around half a dozen DDOS attacks using 100% network utilisation. My kernel config (not full paste but whats diff to normal GENERIC) cpu I686_CPU (others removed) options AHC_REG_PRETTY_PRINT - disabled options AHD_REG_PRETTY_PRINT - disabled options ADAPTIVE_GIANT - disabled (*) device apic - disabled (*) device sl - disabled device ppp - disabled new options options IPFIREWALL options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=50 options IPFIREWALL_DEFAULT_TO_ACCEPT options IPFIREWALL_FORWARD options IPDIVERT options IPSTEALTH options DUMMYNET options TCP_DROP_SYNFIN options HZ=1000 options NO_ADAPTIVE_MUTEXES (*) options CPU_ENABLE_SSE options SC_DISABLE_REBOOT options SC_NO_HISTORY options DEVICE_POLLING * = I think these 3 things are what has greatly improved the stability of the server, the other changes listed are for different reasons other then stability but I showed them so others know what I am running with. Are adaptive_giant and adaptive mutexes advantageous to UP systems? Note - also hardware devices disabled in kernel not in server, device polling in kernel but not activated, cpu_enable_sse probably useless line.