I was just running lsof the other day on our sunos system. It seems that almost every program we're running has a udp port open. My big concern is, what's it there for? Is it waiting for udp packets from someone, telling it to start dumping keystroke logs? Or is it normal? And how would a lowly sysadmin like me be able to tell the difference? (Apart from tripwire on the affected programs.) An abbreviated list from lsof: ] in.telnet 880 root 0u inet TCP sunhost:telnet->termserv:7045 ] in.telnet 880 root 1u inet TCP sunhost:telnet->termserv:7045 ] in.telnet 880 root 2u inet TCP sunhost:telnet->termserv:7045 ] in.telnet 880 root 4u inet UDP *:632 ] in.telnet 1034 root 0u inet TCP sunhost:telnet->termserv:6049 ] in.telnet 1034 root 1u inet TCP sunhost:telnet->termserv:6049 ] in.telnet 1034 root 2u inet TCP sunhost:telnet->termserv:6049 ] in.telnet 1034 root 4u inet UDP *:786 ] pine 5550 usera 4u inet UDP *:1705 ] sendmail. 5660 userb 5u inet TCP sunhost:smtp->anotherhost:4386 ] sendmail. 5660 userb 6u inet UDP *:709 ] sendmail. 5660 userb 7u inet TCP sunhost:smtp->anotherhost:4386 ] lsof 5678 root 8u inet UDP *:766 -- Charles Howes -- chowes@helix.net Always tell the truth, then you make it the other bloke's problem! - Sean Connery, 1971