I am always amazed how fast hacker attempts are on a new installed machine. I install the machine, plug in the Ethernet cable and within 1 hour I see messages, like: sshd: Invalid user ftpd from 61.243.232.22 or a combination of: sshd: Invalid user guest from 210.117.180.111 sshd: Address 210.117.180.111 maps to dalmuri.chonbuk.ac.kr, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT! What is the difference of these two attacks? Most anoying is now that the ethernet port reports into /var/log/messages: kernel: eth0: link down kernel: eth0: link up kernel: eth0: link down (up to down in the same second, two seconds later up again, ......) I have tried to use another IP address, but it keeps the same. What can I do now? Only to plug out the cable stops it. (and yes, I agree that hacker attempts should be jailed, ... hehehehe - or like I read once, they should be hung up on their balls -- or whatever!) bye Ronald Wiplinger