That I was advertising the fact that this machine was vulnerable to backdoor attacks never occurred to me. Although I did not recognize these attacks as Nimda, I should have known better. When I posted this I thought it was just someone out there hammering my server. Thanks Holger.
Jim Grossl
Boise, Idaho USA

One final remark! Never post a trace like yours on an open list with original IP addresses in it, even if it's not yours!!!! In this case, if it's Nimda, this machine is infected, and probably still has the vulnerability and backdoor on it. Better inform the owner of the machine and do not post the IP address.

Holger Reichert
www.holysword.de
[EMAIL PROTECTED]