I was working on a configuration issue on my smb.conf and was looking thru log.smb to find any error messages. While I did that (and fixed that particular problem BTW) I came across the following: log.smb: Connection denied from 210.8.103.146 log.smb: Connection denied from 206.222.222.3 This would indicate to me that someone was trying to access smbd across the Internet. Now I have all kinds of lovely little breadcrumb traps that not only deny access to other processes and ports but also send me a kind little warning email that someone has been nosing around my system. But this sort of thing has evidently escaped me for some time. I understand I could get this logged to syslog as well but that doesnt give me any notification that something is going on. I could also write a cron job that scans these files but why isnt there some sort of alarm flag raised? The host allow/deny stuff is set to where no one can get in and samba is bound only to interfaces internally. Any other suggestions? Henri J. Schlereth -- ------------------------------------------------------------- "All data leaves a trial. The search for data leaves a trial. The erasure of data leaves a trial.The absence of data, under the right circumstances,can leave the clearest trial of all- Dr Kio Masada" -------------------------------------------------------------