>If someone unauthorised is on your machine can they not just as well >remove firewall rules?
Well, not without getting root first. And making something listen that spawns a shell usable to gain further access is a big win. Keeping uploading PHP code to some vulnerable webserver will at some point be noticed. Uploading something spawning a shell once probably not. -nik