That 192.168.20.60 is trying to connect to 209.225.0.6 is obviuos, by the lenght and the syn looks like a get. Have you checked if that box (168.20.60) has any virus or anything like this?? Hello Andreas, Saturday, February 21, 2004, 8:25:47 AM, you wrote: AM> Hello! AM> Just wrote a little iptables-script not allowing connections AM> to port 80. AM> Now in the log I see this: AM> Feb 21 11:53:41 delta kernel: DROP-TCP :IN= OUT=eth1 SRC=192.168.20.60 \ AM> DST=209.225.0.6 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=22160 PROTO=TCP \ AM> SPT=41197 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 AM> It seems that with every request to a website there is also a request to AM> IP 209.225.0.6 wich leads to exodus.net. AM> I am completely worried about this. Who can tell me what is going on? AM> Regards -- Best regards, Alexis mailto:alexis@xxxxxxxxxxxx