Quoth Matthew Carpenter: > IIRC, it's 135, the RPC port. It exploits a vulnerability on TCP port 135, used by DCOM RPC services. You should also block TCP ports 138, 445, 593, 4444 and UDP port 69 (TFTP). http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/virus/alerts/msblaster.asp Kurt -- As of next week, passwords will be entered in Morse code.