Haven't seem IP spoofing (yet). >things like number of attacks, number of successes, and number of compromises Lost count of number of attacks, no known successes, no known compromises. >(along with things like the top ten attacks you've seen) (1) Usually several send-mail attacks a day. One recent weekend had eleven in a 8 hour period. (2) Unable to identify precise nature of attack against high numbered ports, but happens so fast it must be a scripted attack. Usually once or twice a day. Often from known critter breeding grounds. (3) Approximately 1 attack per week over dial up lines. These critters often try to get in using system administrators names, even though we have never made the sys admin's names known to anyone and they don't use dial-up. The critters clearly did their homework. I am not a system administrator. Just a simple farm boy out of his depth. I like the idea of an e-mail server to deal with the attack topic. Am certain I would learn something from it. Hog Farmer