Hi, I got recently two "interesting" attacks (=not standard M$-kiddies / worms) and would be glad if someone would take the time to explain me what wanted to happen there (145.236.x.x are the dynamic addresses of a freenet provider; of course I don't use any 192.168.1.x-type internal addresses and have no 210.6.33.94 as gateway): Oct 12 21:53:40 moorczy kernel: SuSE-FW-DROP-ICMP-CRIT IN=ppp0 SRC=210.6.34.56 DST=145.236.115.203 LEN=56 TOS=0x00 PREC=0x00 TTL=42 ID=15399 PROTO=ICMP TYPE=5 CODE=1 GATEWAY=210.6.33.94 [ SRC=145.236.115.203 DST=210.6.33.94 LEN=46 TOS=0x00 PREC=0x00 TTL=40 ID=63342 DF PROTO=UDP SPT=1029 DPT=23792 LEN=26 ] Oct 13 13:26:52 moorczy kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=192.168.1.10 DST=145.236.212.120 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=15580 DF PROTO=TCP SPT=1270 DPT=139 WINDOWS=8192 RES=0x00 SYN URGP=0 OPT (020405B401010402) I'm sorry for any typos, I had to type this in, because had these issues only on a folded printout... Thank you, Pelibali