Could'ent i just block the IP adress's ???
If you try to do that for each ip address that NIS reports an attempt to connect from you will spend the rest of your life putting ip addresses into the blocked part of the firewall.

As long as you are confident that you have a clean pc, what you see reported from your firewall is just noise from the internet and nothing to worry about.

Let me explane how a trojan like sub7/back orifice works. There are two parts to a remote access trojan. The client and the server. The server needs to be installed on a targets pc, the client needs to be on the bad guys pc.

So having installed the server part of the trojan on a target the bad guy neads to connect to the server useing the client on his pc, from here he can carry out his hacking activities. Now it is not that easy to target a particular pc. The best way to install a trojan on a target is to send the server to as many pc's as possible. In the hopes that at least one numb nut will actually install it.

Not knowing which pc has the server installed, the hacker will have to find that pc. He does this by scanning a whole range of ip addresses untill he finds an ip address with the server active on it. He can then connect and do his stuff.

What your firewall is alerting you to, is the fact that some one is scanning a range of ip addresses, one of which is yours. That does not mean you are being attacked, just that someone is looking for someone to attack.

Hope this helps you some......................................................................................................................................................................And if anyone picks me up on useing the H word, i will rip your arms of and beat you with the soggy end