Info Tech Geek, Im affraid I must dissagree... I can almost garuntee, that there is other traffic that the user is getting that Sygate is incapable of detecting. If I were to run a sniffer on his network, im positive there would be more to those logs. The advanced rule settings are there for a reason... ;-)

Also, I did not mean for him to block every IP in the log... just ones that look suspicous (i.e. not the portscan attempts).

-Shell_Coder