I have found that in my company that several servers try to authenticate back to the client as described in: http://support.microsoft.com/kb/555564 The applications aren't exclusive to the FTP daemon, but I've also seen it with CVS. Turning off the firewall remedies the problem. I've tried to add an inbound connection rule that would accept a connection to port 113, and would as a result fail quickly. I've left the rule as broad as possible, but it doesn't appear to have any effect. I little bit of further confusion is thefact that if I enable logging on the firewall I don't see the inbound connection request. However, I do see it using the netmon3.1 beta. An example attempted connection from the server, if that helps any one: 60.061003{TCP:3, IPv4:1}192.168.20.69192.168.20.117TCPTCP: Flags=.S......, SrcPort=38336, DstPort=Identification Protocol(113), Len=0, Seq=1153304368, Ack=0, Win=5840 (scale factor 0) = 5840 Any suggestions on how to proceed would be greatly appreciated. Karl