> > Those open UDP ports are most probably connections for the syslog.
> For a process to send UDP packets, it needs to open a UDP socket.
> Once "openlog" runs, it opens a socket for later use.
>
> I say "probably" because it is always possible that someone has
> subverted the code and is using the socket for more than syslog, but
> that would be far more clever than anything I've ever seen a real
> intruder do.

Well, maybe the 'really clever' stuff is that which you don't see. :-)

------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD               | Karl Strickland
PGP 2.3a Public Key Available.            | Internet: karl@bagpuss.demon.co.uk
                                          |