Hello All This morning, my ADSL wi-fi router's wired connection would not connect to http or email services (nntp was OK though). My wi-fi connections through the router were unaffected. Rebooting the router cured the problem but the router log said the following (snipped for brevity): 09/20/2004 00:01:33 **Smurf** 212.159.XXX.0, 32768->> 212.159.13.50, 53 (from ATM Outbound) 09/20/2004 00:01:33 **Smurf** 212.159.XXX.0, 32768->> 212.159.13.49, 53 (from ATM Outbound) 09/20/2004 00:01:29 **Smurf** 212.159.XXX.0, 32768->> 212.159.13.50, 53 (from ATM Outbound) 09/20/2004 00:01:29 **Smurf** 212.159.XXX.0, 32768->> 212.159.13.49, 53 (from ATM Outbound) 09/20/2004 00:01:28 **Smurf** 212.159.XXX.0, 32768->> 212.159.13.50, 53 (from ATM Outbound) 09/20/2004 00:01:28 **Smurf** 212.159.XXX.0, 32768->> 212.159.13.49, 53 (from ATM Outbound) 09/20/2004 00:01:26 **Smurf** 212.159.XXX.0, 32768->> 212.159.13.50, 53 (from ATM Outbound) 09/20/2004 00:01:26 **Smurf** 212.159.XXX.0, 32768->> 212.159.13.49, 53 (from ATM Outbound) 09/20/2004 00:01:25 **Smurf** 212.159.XXX.0, 32768->> 212.159.13.50, 53 (from ATM Outbound) 09/20/2004 00:01:25 **Smurf** 212.159.XXX.0, 32768->> 212.159.13.49, 53 (from ATM Outbound) 09/20/2004 00:01:06 **Smurf** 212.159.XXX.0, 32768->> 212.159.13.50, 53 (from ATM Outbound) 09/20/2004 00:01:06 **Smurf** 212.159.XXX.0, 32768->> 212.159.13.49, 53 (from ATM Outbound) 09/20/2004 00:01:02 **Smurf** 212.159.XXX.0, 32768->> 212.159.13.50, 53 (from ATM Outbound) 09/19/2004 23:59:51 192.168.1.10 login success This last line is interesting - my login port is supposed to be a different address! What do all these smurfs mean? There were hundreds and hundreds of them. My Wi-Fi has got 128 bit WEP enabled with a hex password (i.e. not a passphrase)and my router firewall is enabled. I have antivirus protection which is up-to-date and I run Adaware and Spybot S&D almost daily. I recognise the 212.159.XXX. octets as part of my ISP (Plusnet) issued IP range (thus the 212.159.XXX.0 used is the base address), and I recognise the PN DNS addresses in this list too. The questions I want to put to you are: 1) What else can I glean from this log? Port 53 is the DNS port, and port 32768 according to [URL]http://grc.com[/URL] is "Filenet TMS" 2) What do I need to do to stop this happening again? If someone can confirm my suspicions i.e. it is a "smurf" hack attempt, I can get on Google and read up of course. Thanks in advance for your advice Cheers RMC