I just looked at my webserver logs, and it seems that NACS is probing all webservers for known holes (from IP 128.195.161.50). Since my stuff is pretty much locked down, all that this does on my machines is filling the log files. In addition, the script is pretty dumb. Probes for IIS holes don't make much sense on Linux boxes running Apache. -Joe