Hi, Just found the following in /var/log/messages:
Jul 24 13:23:44 elgin kernel: SuSE-FW-DROP-DEFAULT IN=ippp1 OUT= MAC= SRC=62.134.72.190 DST=213.122.60.116 LEN=288 TOS=0x00 PREC=0x00 TTL=114 ID=28413 PROTO=UDP SPT=4288 DPT=135 LEN=268 Jul 24 13:23:45 elgin kernel: SuSE-FW-DROP-DEFAULT IN=ippp1 OUT= MAC= SRC=62.134.72.190 DST=213.122.60.116 LEN=108 TOS=0x00 PREC=0x00 TTL=114 ID=28699 PROTO=UDP SPT=4288 DPT=135 LEN=88 Jul 24 13:23:46 elgin kernel: SuSE-FW-DROP-DEFAULT IN=ippp1 OUT= MAC= SRC=62.134.72.190 DST=213.122.60.116 LEN=108 TOS=0x00 PREC=0x00 TTL=114 ID=29034 PROTO=UDP SPT=4288 DPT=135 LEN=88 Jul 24 13:23:48 elgin kernel: SuSE-FW-DROP-DEFAULT IN=ippp1 OUT= MAC= SRC=62.134.72.190 DST=213.122.60.116 LEN=108 TOS=0x00 PREC=0x00 TTL=114 ID=29679 PROTO=UDP SPT=4288 DPT=135 LEN=88 Jul 24 13:23:52 elgin kernel: SuSE-FW-DROP-DEFAULT IN=ippp1 OUT= MAC= SRC=62.134.72.190 DST=213.122.60.116 LEN=108 TOS=0x00 PREC=0x00 TTL=114 ID=31031 PROTO=UDP SPT=4288 DPT=135 LEN=88 Jul 24 13:24:00 elgin kernel: SuSE-FW-DROP-DEFAULT IN=ippp1 OUT= MAC= SRC=62.134.72.190 DST=213.122.60.116 LEN=108 TOS=0x00 PREC=0x00 TTL=114 ID=33632 PROTO=UDP SPT=4288 DPT=135 LEN=88 Jul 24 13:24:16 elgin kernel: SuSE-FW-DROP-DEFAULT IN=ippp1 OUT= MAC= SRC=62.134.72.190 DST=213.122.60.116 LEN=116 TOS=0x00 PREC=0x00 TTL=114 ID=38734 PROTO=UDP SPT=4288 DPT=135 LEN=96 A whois shows that the source IP is registered to someone in the People's Republic of China. Before I go off half-cocked on this one, Has anyone any idea what it might be about? I've done a google and spotted a virus alert about HLLP.4288 but can't find a description, other than that it affects .COM and .EXE (another good reason for avoiding microdog!). Of course, our friend in China might be a victim (if he's got the virus and it's trying to contact other instances through the net). Anyone got any idea of what's going on or suggestions on my next step? Cheers, Colin _______________________________________________ Scottish mailing list [EMAIL PROTECTED] http://mailman.lug.org.uk/mailman/listinfo/scottish