Dangit, dangit, dangit! I missed disabling one of those "DEFAULT: Allow all networks to access inbound tunnel" filters. Someone port scanned the Customer, and now I look like an idiot.
Can anyone see ANY reason for those filters now that the GNAT Box has the check-box to create one when you create the tunnel? At the very least, I think they should be disabled by default! If I wanted an Accept Any/All filter, I would have checked the box for it when I created the tunnel! If I didn't check the box, don't give me an Accept Any/All filter I didn't ask for!! (Whatever happened to the "anything not explicitly allowed is denied" mentality? If I make a mistake I want the GNAT Box to err on the side of too much security, not too little!) Mike Burden Lynk Systems (616)532-4985 [EMAIL PROTECTED]
