Couldn't think of any other name for it. :) I'm currently monitoring what appears to be a port scan originating from multiple sources. Looking thru my Filter logs I see individual source IP's checking random ports. Each source IP appears to check only one port. I haven't seen any duplicate source IPs yet but I have seen duplicate ports. So far ISA has blocked everyone of them. I've monitored the external and internal traffic and so far nothing has gotten thru. The scan has gone on for a little over 2 hours at this point. The scan/attack hasn't appeared to affect performance. I'll comb thu the log after a new log is started (around midnight) to see what I can find. Michael "Never attribute to malice that which can be adequately explained by stupidity." Hanlon's Razor