<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#ffffff" text="#000000"> You'd do that at your firewall or any other routing device between your K12LTSP server and the Internet. Simply add in an ACL to stop any output from the server's outside IP address on those specific ports. But what you really need to do is find out why that traffic's being generated in the first place and where it's actually coming from.. We're recently seeing infestations on our Windows boxes by Trojans that talk on TCP port 6667. We've had to ask our on-site technicians to re-image several machines at several schools already. Remember that your "anti-malware" software often will not be able to detect a recently released Trojan, virus, or worm. --TP <div class="moz-signature">_______________________________ Do you <a href="http://www.gnu.org">GNU</a>? <a href="http://www.cmosnetworks.com">Microsoft Free since 2003</a>--the ultimate antivirus protection! </div> Jim Anderson wrote: <blockquote cite="mid1315fcd60804082058r65ce218ap47cab3b9022b0d88@mail.gmail.com" type="cite">Hello all, I'm running K12LTSP v.5 in a computer lab that includes 2 Windows clients hanging off the internal network. We've received notice from the ISP that suspicious activity is occurring from the server's outside IP address on three different ports. How can I block those ports (I think the problem could be originating from the Windows 2000 machines). Jim <pre wrap=""> <hr size="4" width="90%"> _______________________________________________ K12OSN mailing list <a class="moz-txt-link-abbreviated" href="mailto:K12OSN@redhat.com">K12OSN@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/k12osn">https://www.redhat.com/mailman/listinfo/k12osn</a> For more info see <a class="moz-txt-link-rfc2396E" href="http://www.k12os.org"><http://www.k12os.org></a></pre> </blockquote> </body> </html>