Someone (sorry, don't have the email handy) previously mentioned that they monitor the output from their acme and then blacklist IP's. Very interesting idea -- how are you determining who the "bad guys" are? From the "friendly-scanner" agent field? In what field is this? Are you doing this from the RADIUS CDRs? Thanks, Pete