Howzit All !! I just had some person attached on ports 27, 80, 43535. Ports 137, 138 and 139 closed. Also running in the background was 2 instances of iexplore. Even after I killed all aps, and used Zone Alarms lock, the sucker couldn't be thrown off. Only way I knew he was there was with a netstat (i pull one often) Funny thing - Zone alarm didnt sound any alarms. mmmmm. If I havn't ever hit the site, how the heck did he get connected. What method you think he used. Used Neotrace to get more than enough info on his traceroute, registrant and network. Lets say that he's at a Technical Insitute - probably a student. Zone Alarm did however show the iexplore sessions as running - TCActive v2 did not. Windows Close Program did, and that was how I eventually threw him off, or I would have had to disconnect. I even tried WyvernWorks Firewall, great to block open ports, but cant throw active ones it seems. How can I manually throw off active ports with Windows9x. A bit of pascal code would be welcome if anybody got some. Actually any methods will be welcome. Thanks for any light on this matter - in advance.

why don't you block his IP if he is not a dial-up. You must have some service/application running which lead to open port 27. From your message, port 80 and high port is normal, since your machine request certain web page, then that web will randomly select any open high port to get the 3 way handshake complete. The only wierd is your port 27. It's for some sort of mail application. Check your system if there is any mail application is on.