Subject: Re: Qube 2 running well, couple questions yet....
To: None <port-cobalt@NetBSD.org>
From: None <bmcewen@comcast.net>
List: port-cobalt
Date: 02/06/2004 14:43:02
Hi Christopher;
> > but would I gain anything by running proftpd tunnelled through ssh?
>
> If you think that proftpd is any better/more secure, then perhaps yes.
> However, tunnelling through SSH makes it a real pain in the arse for
> your users. sftp acts just like ftp except that it has a different
> name. Most users aren't aware of any difference.
Well, I know how to chroot a ftp user to his own directory with proftpd :)
I can't find that info for my current implementation. I'll look at vsftpd,
thanks.
> > - every couple minutes or so, one of the ISP's DNS servers opens a port
> > 53 to my server, what's up with that?
>
> TCP or UDP? Are you sure that the connection is incoming and not outgoing?
well, netstat thinks it's incoming. Unless I misunderstand netstat it should
be TCP, I'll check on the netstat output when I'm home again.
>
> > I'm running with a static IP behind a firewall, I don't have named
> > running, I'm just using a hosts file.
>
> If you have a DNS server set up (like from your ISP), then you're using
> DNS despite your hosts file. You're just not *serving* a DNS server.
true. but it has to be coming from somewhere internal to my network, somehow,
but I'm not running named etc and I certainly don't forward any UDP traffic
through my router at all, and not port 53 TCP.
> I've heard of others running X on these little guys. Does anyone have a
> good reason other than to be able to say "hey! that little thing over
> there is running X, baby!". Just seems like a waste of what little
> processing power these things have.
plus it's a nice way to weaken your security. But I want to see how it does.
Andreas emailed that it was available in the /current directory so I'll grab it later and see what happens.
> I know a bunch of people who use tripwire. I probably should be.
Thanks for the reply!
Brian