Hi friends, I get an answer from a friend of mine. This weird traffic comes from Blaster. Check http://www.goonda.org/lists/dragonidsuser/2003-08/msg00095.htm to see the details. My error was to monitor traffic on ppp0 and belive that packets from 127.0.0.1 to my ppp0 IP was in the inside to ouside direction... Actually those packets were comming from outside to inside (from some clever windows guy). The lesson learn is that you must monitor traffic at least in two points when the packets are weird: if I had monitored at the same time my interface loopback (that simple god!) I would have seen there was no real traffic comming out from my local 127.0.0.1. Now I ask myself, should'nt my ISP stop routing packets which contain a local 127.0.0.0/32 IP as dest/orig ? My second question is about how to stop that... Before turning off the martian logs (which I would like to keep on), I am going to try an iptables rule so I drop any packets comming to ppp0 from any 127.0.0.0/32. Anybody tried that already? Will that stop those blaster martian logs? I'll try out and I'll tell you what happends. Is hard to escape windows bullshit even for unix users... I propose a separate "winnet" optimized for their MMS needs!!! Regards, Pep Serrano.