> The only thing that bothers me is that I didnt want syslogd to listen on its > UDP port, but i guess I will just check the address of the incoming packets > against the loopback address. (Didn't try that yet, thougth.) Packets can be made to show up on your ethernet port with 127.0.0.1 as the source and destination. Though I guess if you make sure that the packets have loopback for both source and destination, and make sure that there are no source-routing options, then either spoofed packets have from systems on the local LAN, or your routers have been hacked. -- Tom Fitzgerald 1-508-967-5278 Wang Labs, Lowell MA, USA fitz@wang.com