Jonesy69,

Not Australia; in the Philippines. I'm using dial-up connection hence the local address may vary at various instances that I do conect but the country code stays though not always the same ISP as the highest baud rate made available is what I'm primarily after online.

The massdown.exe is actually Mass Downloader from www.metaproducts.com. I'm using it now as a test replacement after purging DAP off my system. I do need that facility since I normally schedule downloads in MB size while I go to sleep.

The reason for the increase in the "traffic noise" is my hyping up the blocking rule to include all inbound TCP/UDP. After all, these are unsolicited and, therefore, to be considered as possible intrusion attempts. Authorized inbound TCP/UDP are based on "agent" carrier in this case, i.e., the active URL I'm connected to at the time of the transaction. Anything else falls under the intrusion category. I have yet to identify the individual IPs and I do also plan to compare them with the Web History log to see if anything signficant is worth deducing.

I've taken a look at dshield.org... and yes, I'm considering that as another possible avenue. After all, the wider the population base for a sample, the more reliable the data are in terms of representation.

BTW, in the course of my initial recording (manual as I failed to save the NIS logs before increasing the log sizes), I encountered the following addresses as TCP sources: 24.33.258.191 and 24.255.105.249. When I checked them with IP to Country, I encountered an error message saying the IP address should be valid. MsMittens' recommended site (www.isc.sans.org) returned USA (Cox Communications Inc.) for the latter but none for the first IP address. That, of course, may just open up another issue--the existence of the IT "netherworld"(?).

Cheers.

-Goitz