Hi list, I need shortly your advice! I saw today into my logfile and saw a SSL-attack, was somewhat more extensive that than usual. The "daily security report" says me now: OLD: /var/lib/secchk/security-report-daily Sun Nov 10 00:00:08 2002 NEW: /var/lib/secchk/security-report-daily.new Mon Nov 11 00:00:08 2002 * Changes (+: new entries, -: removed entries): + httpd root UDP *:12396 + httpd root UDP *:12397 + httpd root UDP *:12399 + httpd root UDP *:12400 + httpd root UDP *:12405 + httpd root UDP *:12407 + httpd root UDP *:12410 Is that a new or modified worm? Did it have success with me? I use Suse 7.3 with all current updates/patches. Many thanks for your help... Mario Neubert