Josh More wrote: > I have seen some PHP X-site scripting/mail injection attacks that fit > within this time frame. Perhaps you are seeing the results of > successful attacks? How about a port 53 (DNS) attack? That's what I'm seeing, using iptraf to monitor it. -dc