Scenario: I have set Port Sentry up to determine when I am being scanned (I find it more sensitive to some scans than scanlogd). In addition to logging the port scan, it is set up to drop the route between myself and the scanner via "/sbin/route add -host [IP address] reject".

I have no problem with this, -except-, when I go to add the route again (as I had to do recently with my ISP when they scanned this IP block for open servers), I get a double entry in the routing table (see below). I re-add the address using route add -host [IP Address] eth0 and it is added back to the table and marked as being up and accessible. However, the original rejected route is still there. When I go to delete this, it deletes the address I just entered, and then gives an error if I attempt to delete it again.

This is not causing any problems, but I would like to remove the duplicate entries.

Cheers,
GC

%route
Kernel IP routing table
Destination     Gateway  Genmask          Flags  Metric  Ref  Use  Iface
ch1.hfxcable.co *        255.255.255.255  UH     0       0    0    eth0
ch1.hfxcable.co -        255.255.255.255  !H     0       -    0    -
u25n100.hfx.and *        255.255.255.255  UH     0       0    0    eth0
u25n100.hfx.and -        255.255.255.255  !H     0       -    0    -

--
Gregory Conron
gconron@hfx.andara.com - email
(902) 443-4562 - voicemail
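Added example (not part of the original post): a shell script that reads a routing table in "route -n" format, finds hosts that carry both a live host route (UH) and a leftover reject route (!H), as in the table above, and prints the command that would remove only the reject entry. The sample table uses constructed documentation addresses, the function names are hypothetical, and it assumes net-tools route accepts the "reject" qualifier on "del".

```shell
#!/bin/sh
# Constructed sample of `route -n` output (documentation addresses, not from the post).
sample_table() {
cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.0.2.10      0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.0.2.10      -               255.255.255.255 !H    0      -        0 -
198.51.100.7    -               255.255.255.255 !H    0      -        0 -
203.0.113.5     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
EOF
}

# Print each host that has BOTH a reject route (!H) and a live host route (UH).
# Reads a routing table in `route -n` format on stdin.
shadowed_rejects() {
    awk '
        $3 != "255.255.255.255" { next }     # host routes only; also skips headers
        $4 ~ /!/ { reject[$1] = 1; next }    # "!" in Flags marks a reject route
        $4 ~ /U/ { live[$1] = 1 }            # "U" in Flags marks a route that is up
        END { for (h in reject) if (h in live) print h }
    ' | sort
}

# Print (do not run) the command that removes only the reject entry.
# Assumption: net-tools route accepts the "reject" qualifier on "del",
# mirroring the "route add -host ... reject" form quoted in the post.
cleanup_commands() {
    shadowed_rejects | while read -r host; do
        printf '/sbin/route del -host %s reject\n' "$host"
    done
}

# Demo on the constructed table; on a live system, pipe in `route -n` instead.
sample_table | cleanup_commands
```

Hosts that are only rejected (198.51.100.7 in the sample) are left alone, so blocks that are still wanted stay in place.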