
I came across some unusual probes from this week past and here are a couple
pieces:

Dec 7 17:58:30 SRC=82.35.107.218 DST=my.ip.addr.249 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=1071 DF PROTO=TCP SPT=3227 DPT=1214 WINDOW=16384 RES=0x00 SYN URGP=0

Dec 12 22:44:22 SRC=67.10.135.201 DST=my.ip.addr.116 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=64154 DF PROTO=TCP SPT=2297 DPT=3787 WINDOW=0 RES=0x00 ACK RST URGP=0

How are they related? That's what I'd like to know. The first packet is part
of a twelve hour probe and the second is one of two ACK RST's a few days
later, hidden in another string of probes. It looks like KaZaA, but then
again it don't. What do ya think it is?

My observations - http://farmer6re9.isa-geek.org/annals/owl/screech.txt ~25k
Sequence Plotted - http://farmer6re9.isa-geek.org/sv2492494.jpg ~74k

Just wondering if anyone else is seeing this...

Peace,
farmer6re9
--
Eating Crow is better with MyCrowSauce
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
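For anyone comparing their own firewall logs against the two entries quoted above, here is an added example (not part of the original post) that parses netfilter LOG lines of this shape and groups them by source address. The function names and the descriptive labels are this example's own; the sample input is the two lines from the post, copied verbatim.

```python
import re
from collections import defaultdict

# The two log lines quoted in the post, verbatim (DST is masked by the poster).
SAMPLE = """\
Dec 7 17:58:30 SRC=82.35.107.218 DST=my.ip.addr.249 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=1071 DF PROTO=TCP SPT=3227 DPT=1214 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 12 22:44:22 SRC=67.10.135.201 DST=my.ip.addr.116 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=64154 DF PROTO=TCP SPT=2297 DPT=3787 WINDOW=0 RES=0x00 ACK RST URGP=0
"""

TCP_FLAGS = ("SYN", "ACK", "RST", "FIN", "PSH", "URG")
STAMP = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(.*)$")

def parse_line(line):
    """Split one netfilter LOG line into KEY=VALUE fields and bare flag tokens."""
    m = STAMP.match(line.strip())
    if not m:
        return None
    rec = {"time": m.group(1), "flags": []}
    for tok in m.group(2).split():
        if "=" in tok:
            key, _, val = tok.partition("=")
            rec[key] = val
        elif tok in TCP_FLAGS:
            rec["flags"].append(tok)
        elif tok == "DF":
            rec["DF"] = True
    return rec

def classify(rec):
    """Label a packet by its TCP flag combination (descriptive only)."""
    flags = set(rec["flags"])
    if flags == {"SYN"}:
        return "connection attempt (bare SYN)"
    if flags == {"ACK", "RST"}:
        return "reset reply (ACK RST)"
    return "other: " + "+".join(rec["flags"])

def summarize(text):
    """Group TCP packets by source: (time, destination port, label)."""
    by_src = defaultdict(list)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec.get("PROTO") == "TCP":
            by_src[rec["SRC"]].append((rec["time"], int(rec["DPT"]), classify(rec)))
    return dict(by_src)

if __name__ == "__main__":
    for src, hits in summarize(SAMPLE).items():
        print(src, hits)
```

Tokens that are neither KEY=VALUE nor a TCP flag (a hostname or `kernel:` prefix, for instance) are ignored, so full syslog lines can be fed in unchanged.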