it's a worm. use traceroute to determine who is responsible for the IP the scans are originating from and send mail to {HOST}@abuse.net informing them that one of their users has an infected machine. Jonathan Hutchins wrote: > > I'm getting hit by wave after wave of requests on my web server