I seem to be getting portscans of my network from 166.49.72.158; which, when I nmap, shows up as 'live-split.wtn.rbn.com'. this seems to be one of Real Networks' servers. what's the proper netiquette for alerting some host that they might have been compromised? Carl Soderstrom _________________________________________ Systems Administrator 307 Brighton Ave. Minnesota DHIA Buffalo, MN carls at agritech.com (763) 682-1091 --------------------------------------------------------------------- To unsubscribe, e-mail: tclug-list-unsubscribe at mn-linux.org For additional commands, e-mail: tclug-list-help at mn-linux.org