>> If every BGP session in your network is protected by a max-prefix >> limit, no matter who leaks, the damage will be limited and contained. > true, also not univeral, the problem with max-prefix is it does not say *which* prefixes. so even if the drop-bgp stoopidity is corrected, you could end up holding the bogus prefixes, not the good ones. randy