> I'm getting fed-up of my users doing ping floods (ping -s 8000 host)
> whenever they encounter a lame user on IRC.  Can anyone suggest a way
> of keeping ping ability available to users without them being able to
> run commands like this which will soak up all my bandwidth uselessly?

This is a human problem, not a technical one.  Block -s, and they can
just "while :; do ping host &; sleep 1; done &', wait a minute, and
kill the loop.  Or write a program to spray the target host with UDP
packets, or TCP connections, or whatever.

If the problem really is restricted to ping, why not just create a
"noping" group and make ping 4501 root:noping, and as users abuse ping,
they get added to the noping group.  (Yeah, those particular users lose
ping capability, but I don't consider that a problem; they deserve it.)

					der Mouse

			       mouse@rodents.montreal.qc.ca
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B