> These packets are delayed ones, probably due to high latency (heavy load
> on line?). Most of the time, there's not much to worry about,
> especially on a DSL line when upload goes up.

How can I uniquely identify such packets so that I don't log them and just drop them? Is this possible?

> Seems that someone wants to ask some DNS stuff to your box :) Maybe this
> IP is declared somewhere as authoritative for a domain or someone uses it
> as a forwarder.

My primary objective is to log suspicious packets only. Any pointers on how I can do that?

--
Warm Regards
~~~~~~~~~~~~~~~~~~~~~~~
Vinayakam Murugan

Linux: The choice of a GNU generation