With all the probes going on to various AMPRNet hosts, it might
be wise for you to configure your hosts to NOT reply when an attempt
is made to access a port on which nothing is listening. Ordinarily,
a host system will reply with a TCP reset or a UDP port unreachable,
and this contributes to the outbound traffic from your host. There
are probably 'blackhole' options you can set. On FreeBSD, they are
sysctl net.inet.tcp.blackhole=2
sysctl net.inet.udp.blackhole=1
I don't know if Linux has similar options. I rather assume it does.
Note that the latter option may break traceroutes to your system.
It's probably also wise to limit the number of replies to pings so
that rabid pingers won't pollute your outbound connection.
sysctl net.inet.icmp.icmplim=5
Which limits replies to 5 per second, down from 1000 default.
In the Linux kernel, there is what seems to be a similar option:
sysctl net.ipv4.icmp_ratelimit=5
Perhaps someone can confirm that this is correct.
- Brian
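An added audit script, not from the thread, that parses sysctl output (FreeBSD "key: value" and Linux "key = value" forms) and flags the knobs discussed above; the sample output is constructed. On Linux, icmp_ratelimit is the minimum spacing between ICMP replies in milliseconds (default 1000), not a per-second count like FreeBSD's icmplim, so the script checks it the other way round.

```python
import re

# Hardened targets from the thread's FreeBSD recommendations, plus the Linux
# ICMP knob. Linux icmp_ratelimit is the minimum gap between ICMP replies in
# milliseconds (default 1000), so a larger value is stricter there, whereas
# FreeBSD's icmplim is replies per second, so a smaller value is stricter.
FREEBSD_CHECKS = {
    "net.inet.tcp.blackhole": lambda v: v == 2,
    "net.inet.udp.blackhole": lambda v: v >= 1,
    "net.inet.icmp.icmplim": lambda v: 0 < v <= 5,
}
LINUX_CHECKS = {
    "net.ipv4.icmp_ratelimit": lambda v: v >= 1000,  # at least 1 s between replies
}


def parse_sysctl(text):
    """Parse `sysctl -a` style output into {key: int}.
    FreeBSD prints 'key: value', Linux prints 'key = value'; non-integer
    values are ignored since only numeric knobs are audited here."""
    values = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([\w.]+)\s*[:=]\s*(-?\d+)\s*$", line)
        if m:
            values[m.group(1)] = int(m.group(2))
    return values


def audit(text, platform):
    """Return {key: (current_value, hardened)} for every knob of interest.
    A knob missing from the output is reported as (None, False)."""
    checks = FREEBSD_CHECKS if platform == "freebsd" else LINUX_CHECKS
    values = parse_sysctl(text)
    report = {}
    for key, is_hardened in checks.items():
        v = values.get(key)
        report[key] = (v, v is not None and is_hardened(v))
    return report


# Constructed sample output (not captured from a real host).
FREEBSD_SAMPLE = "net.inet.tcp.blackhole: 0\nnet.inet.udp.blackhole: 1\nnet.inet.icmp.icmplim: 200\n"
LINUX_SAMPLE = "net.ipv4.icmp_ratelimit = 1000\n"

if __name__ == "__main__":
    for platform, sample in (("freebsd", FREEBSD_SAMPLE), ("linux", LINUX_SAMPLE)):
        for key, (value, ok) in audit(sample, platform).items():
            print(f"{platform}: {key}={value} {'ok' if ok else 'NOT hardened'}")
```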
Brian et al.
On Debian-8.7 there is an option:
/proc/sys/net/ipv4/icmp_ratelimit
I have the default value of 1000.
Best regards.
Tom - SP2L
-----Original Message-----
From: Brian Kantor
Sent: Monday, May 8, 2017 4:35 PM
sysctl net.ipv4.icmp_ratelimit=5
Perhaps someone can confirm that this is correct.
- Brian