I'm seeing TCP traffic originating from my server going from the 'Registered' ports to the port range of 6660-7000. I do not see a pattern to the destination addresses but there are many. I run 'netstat' fairly regularly and can't recall seeing this before. I've temporarily blocked outgoing traffic to those ports so they are all in the 'SYN_SENT' state. It does not appear to be causing my known apps to suffer??

The server is old - running FC5 with incoming traffic limited to smtp and http by a dedicated firewall/router. The sw is as up-to-date as the FC5 repositories (i.e. outdated).

I've searched Google for known vulnerabilities but have not found anything that matches what I'm seeing. Is it just something I've missed all this time or a true change/problem? If it's a problem, I suppose it's time for an update to something more recent . . .

Any ideas / suggestions / help appreciated.

Thanks;
Alex V.