Hi I read the pdf detailing new changes in 5.3 networking and noticed a new sysctl variable is added 'net.inet.ip.process_options' Here is the description. "IP Options do not have any practical use today. The only useful application is RR (Record Route) where it remembers the last 8 hops the packet traversed through. That allows you to check parts of the path back to you. IP options processing is rather expensive because the packet header has to be modified and expanded. In addition the only other use is to circumvent or trick firewalls thus it is normally blocked there. The options are these: (By: andre) # sysctl net.inet.ip.process_options=0 Possible Modes: net.inet.ip.process_options=0 Ignore IP options and pass pkts unmodfied net.inet.ip.process_options=1 Process all IP options (default) net.inet.ip.process_options=2 Reject all pkts with IP options with ICMP IPv4 Processing" As it says above mine is set to 1 the default, would setting it to 0 help with things like DDOS attacks because it is processing less and what side affects if any could I expect from ignoring ip options? thanks Chris