First, I'ld like to thank everyone for their help. Second, I found (on a it website that I cant remember at the moment) that prisoner.iana.org is used for reverse dns lookups... Win2k server feels a need to post its networks reverse dns data to this (and possibly other servers). In many cases there is no reason for this to happen. There is a registry edit that supposedly stops the server from posting the reverse dns data (search the knowledge base if you are interested).
As far as my floppy problem, someone suggested it might be NAV, which it turned out to be. I still am at a loss trying to figure out how there are what SNORT calls incomming proxy scans/SQUID proxy scans/port scans getting through my SMC Barricade firewall to internal ips. So far I have not been able to duplicate any of the attacks and I am at a loss... if anyone has any ideas on how to fix the problem, has had a similar problem, or has more of a clue about firewall pen-testing than me (which should be about everyone) I'ld apreciate any help I can get. John D Best Price Cruises Technical Staff [EMAIL PROTECTED]