I continue (not surprisingly) to get multiple crack attempts per day with my cable modem (eth0). Can anyone tell me what this person was trying to do? 192.168.1.x is my local network (but on eth1) - I specifically disallow all packets coming through eth0 with 192.168.1.x since that means they're spoofing their address. I got a bunch of these last night. (my current IP changed to x.x.x.x). I didn't see 36084 listed in /etc/services. Jul 2 21:32:08 dave kernel: Packet log: rr-in DENY eth0 PROTO=6 192.168.1.3:80 x.x.x.x:36084 L=40 S=0x00 I=18646 F=0x4000 T=47 (#2) Also, I noticed there was a wu-ftpd security announcement the other day. Does anyone know if the RedHat 6.2 update (wu-ftpd-2.6.0-14.6x.i386.rpm) is already patched for that? It looks like someone in Detroit was attempting to exploit that, but I think I've got all incoming connections through the cable modem disallowed. Jul 2 23:39:13 dave kernel: Packet log: rr-in REJECT eth0 PROTO=6 199.179.188.186:2980 x.x.x.x:21 L=48 S=0x00 I=18758 F=0x4000 T=116 SYN (#7) Dave -- To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe" as the Subject.