I'd like not to filter traffic to lucky's ftp server. But I won't tolerate abuse (see attached hammer.zip). I can "block users who connect more than ____ times within ______ seconds for ______ minutes" (or permanently). But I don't want to limit honest folks. I often see this (see attached connect14.txt). That's 14 connections in 9 seconds, obviously not done manually (what is TCC doing?). Any suggestions for some anti-hammering settings?