Jeff, Thanks for the quick response. My firewall is a NAT, and does have an HTTP proxy on it. But I do not use the 192.168.27.X address space anywhere, and I am seeing several dozens of different source addresses on these packets - none of which I use (all in the 192.168.X.X range). It looks as though someone is trying a brute force 192.168.(ALL):80 --> (Firewall):(All ports) scan. The bogus packets are originating outside of both my internal net, and my DMZ. I know this because they do not trip the "drop and log" rule on the DMZ or the internal net (although I am confirming I have both of these set the way I believe I do, even now!) A tracert to these bogus IP addresses reports destination unreachable, at the next hop after my router (ISP maintained, I have no control over the router). So I don't know what they could be looking for... Or how they expect to know when they have or haven't found it. :o( I am at this point adding a rule outbound internet to block any and all to this range specifically. Guy Skaggs - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
