
One of our large local customers here in Atlanta was hit with a brute-force and extremely intensive REGISTER scan late this morning/early this afternoon from 5 IPs -- 2 in Indonesia, 1 in Argentina, 1 in Russia, and one other from the Philippines that I don't have on hand:

125.162.94.57
110.137.65.131
186.137.208.202
217.118.90.189

... that we could identify.

We don't know if they were part of a coordinated scan or just launched in parallel, but they were fairly sophisticated in that they detected the nomenclature and length assignment patterns in extensions (403 Forbidden vs. 401 Unauthorized, I suppose) and zeroed in on those.

No toll fraud took place, but they did take down several Asterisk processes due to Asterisk's inability to cope with this volume of requests. I would have put the intensity at about ~5-10 per second.

--
Alex Balashov - Principal
Evariste Systems LLC
1170 Peachtree Street
12th Floor, Suite 1200
Atlanta, GA 30309
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/
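
A detection sketch for the kind of REGISTER scan reported above, added here as an example and not part of the original post: it flags any source that exceeds a failure rate or touches many distinct extensions within a sliding window. The log line shape (chan_sip NOTICE messages), the thresholds, the function names and the sample addresses are all assumptions; the sample input is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log shape: chan_sip NOTICE lines for failed registrations.
LINE_RE = re.compile(
    r"\[(?P<ts>[\d\-: ]+)\] NOTICE\[\d+\] chan_sip\.c: Registration from "
    r"'(?P<frm>[^']*)' failed for '(?P<ip>[\d.]+)(?::\d+)?' - (?P<reason>.+)")
EXT_RE = re.compile(r"sip:([^@>]+)@")

def find_register_scanners(lines, window_s=10, max_failures=30, max_exts=10):
    """Return {ip: (failures_in_window, distinct_extensions)} for sources that
    exceed either threshold inside any sliding window of window_s seconds."""
    recent = defaultdict(deque)          # ip -> deque of (timestamp, extension)
    flagged = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        ext = EXT_RE.search(m["frm"])
        q = recent[m["ip"]]
        q.append((ts, ext.group(1) if ext else "?"))
        while q and ts - q[0][0] > timedelta(seconds=window_s):
            q.popleft()                  # drop events older than the window
        exts = {e for _, e in q}
        if len(q) >= max_failures or len(exts) >= max_exts:
            prev = flagged.get(m["ip"], (0, 0))
            flagged[m["ip"]] = (max(prev[0], len(q)), max(prev[1], len(exts)))
    return flagged

def constructed_sample():
    """Constructed input: one scanner at 8 REGISTERs/s, one user mistyping a password."""
    fmt = ("[{ts}] NOTICE[2411] chan_sip.c: Registration from "
           "'\"{ext}\" <sip:{ext}@203.0.113.10>' failed for '{ip}' - {why}")
    t0 = datetime(2011, 4, 15, 12, 0, 0)
    out = []
    for i in range(40):                  # 5 seconds at 8 requests per second
        out.append(fmt.format(ts=t0 + timedelta(seconds=i // 8), ext=100 + i,
                              ip="198.51.100.7", why="No matching peer found"))
    for i in range(2):                   # legitimate phone, two failures a minute apart
        out.append(fmt.format(ts=t0 + timedelta(minutes=i), ext=204,
                              ip="192.0.2.44", why="Wrong password"))
    return out

if __name__ == "__main__":
    for ip, (n, exts) in find_register_scanners(constructed_sample()).items():
        print(f"{ip}: {n} failed REGISTERs, {exts} extensions within 10 s")
```

The distinct-extension count is what separates a scan that walks the numbering plan from a single phone retrying a bad password. On the response-difference point, chan_sip's `alwaysauthreject=yes` setting in sip.conf makes rejections for unknown and known extensions look the same.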