Sorry to pester on this. I've been working with a couple of clients who had connectivity issues. All more or less had the same problem, the dreaded viruses/worms/etc* issues. I was forwarded a call from tech support for a 'favored' customer and was told to get them up no matter what. Making a long story short, their machine had their dialup settings changed somehow to call a number (cust is contacting telco to see what number was dialed) and connect to the following address 12.129.205.220 ~> whois -h whois.arin.net 12.129.205.220 AT&T WorldNet Services ATT (NET-12-0-0-0-1) 12.0.0.0 - 12.255.255.255 CERFnet ATTENS-LAX1-1 (NET-12-129-192-0-1) 12.129.192.0 - 12.129.255.255 Nothing but a webpage that states "Place Holder" is located there. Normally I wouldn't even care, but I recall someone else mentioning this address earlier in the day. So I called and confirmed there have been a few hijacked connections going to this machine. Anyone know how a contact for this range? Also has anyone heard of anything similar? Thanks and apologies if inappropriate =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo GPG Key ID 0x51F9D78D Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D sil @ politrix . org http://www.politrix.org sil @ infiltrated . net http://www.infiltrated.net "Men have been taught that it is a virtue to agree with others. But the creator is the man who disagrees. Men have been taught that it is a virtue to swim with the current. But the creator is the man who goes against the current. Men have been taught that it is a virtue to stand together. But the creator is the man who stands alone." -- Ayn Rand