Doug,

You are seeing a portscan. The :2245 after the TCP/IP address is the port it is trying to connect to. Many ISPs scan their networks to find stuff, and register stuff in DNS so it knows how to resolve addresses. Other stuff is hackers or others trying to get in. If you have file and printer sharing enabled, be very cautious of anything trying to connect to port 137, UDP, as that is the NetBIOS port for sharing on a Microsoft network.

Browse to www.arin.net (American Registry of Internet Names) and in the upper right corner there is a "whois" search and you can look up the IP address to find out where/who is trying to connect to your computer. You may be able to resolve it down to the local ISP only, as they have what they call netblocks and they control the addressing and assigning of the IPs.

I have a hardware firewall installed and get these attack entries in my logs all the time. Some of it is attempts, other times it is just the background noise of the internet, like servers trying to contact other servers. I would also set your firewall to block outbound traffic to stop programs from going outside, like Trojan programs or spyware that you may have inadvertently downloaded from a web site.

Have fun examining the logs.

David Dodge

-----Original Message-----
From: kegswindows-bounce@xxxxxxxxxxxxx [mailto:kegswindows-bounce@xxxxxxxxxxxxx] On Behalf Of Doug & Betty Pizac
Sent: Friday, February 14, 2003 7:36 AM
To: kegswindows@xxxxxxxxxxxxx
Subject: [kegswindows] inbound TCP connection

Having been zapped by a new virus several months ago after not noticing my Norton anti-virus subscription had lapsed, I upgraded to Norton's SystemWorks and Personal Firewall 2003 and turned up the security. For the past few weeks, the program has blocked over 200 "inbound TCP connection" attempts and a dozen or so "inbound UDP packets." When I block the transmission, it comes back from the same source with a slightly different address.
For example, when I block an attempt from 217.227.77.172,23730 the attempt repeats from 217.227.77.172,23150 then 217.227.77.172,23348 and so on. After about as many as six blockings, it gives up, but tries again later.

What do TCP connection and UDP packet mean? And how can I get this to stop? I'm hooked to the Internet via Earthlink's DSL service. How can I find out who this entity is that's trying to connect to my computer?

...Doug Pizac
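
Added example, not part of either message: a small Python summarizer for blocked-connection entries written as `address,port`, which groups attempts by source address and flags anything aimed at port 137/UDP, the case the reply warns about. It assumes, as the reply does, that the number after the address is the port being connected to; the `<protocol> <address>,<port>` line layout and the sample entries other than the three quoted in the question are constructed for illustration and are not Norton's actual log format.

```python
import ipaddress
from collections import defaultdict

NETBIOS_UDP_PORT = 137  # the port the reply singles out for file and printer sharing

# Constructed sample entries in an assumed layout: "<protocol> <address>,<port>".
SAMPLE_LOG = """\
TCP 217.227.77.172,23730
TCP 217.227.77.172,23150
TCP 217.227.77.172,23348
UDP 203.0.113.9,137
TCP 198.51.100.4,2245
not a log entry
"""

def parse_entry(line):
    """Return (protocol, address, port), or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 2 or parts[0] not in ("TCP", "UDP"):
        return None
    address, sep, port = parts[1].partition(",")
    if not sep or not port.isdigit() or not 0 < int(port) <= 65535:
        return None
    try:
        ipaddress.ip_address(address)  # reject strings that are not IP addresses
    except ValueError:
        return None
    return parts[0], address, int(port)

def summarize(log_text):
    """Group entries by source address: attempt count, ports seen, NetBIOS flag."""
    by_source = defaultdict(lambda: {"attempts": 0, "ports": set(), "netbios": False})
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue  # skip noise rather than abort the whole summary
        proto, address, port = entry
        record = by_source[address]
        record["attempts"] += 1
        record["ports"].add(port)
        if proto == "UDP" and port == NETBIOS_UDP_PORT:
            record["netbios"] = True
    return dict(by_source)

if __name__ == "__main__":
    ranked = sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["attempts"])
    for address, rec in ranked:
        flag = "  <-- port 137/UDP (NetBIOS)" if rec["netbios"] else ""
        print(f"{address}: {rec['attempts']} attempts, ports {sorted(rec['ports'])}{flag}")
```

Grouping on the address alone makes the repeated entries from 217.227.77.172 show up as one source with three attempts, which is the address to put into the whois search.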