I just hooked up the wrt54gx the other day and ran a port scan against it. To my suprise the scan showed EVERYTHING open. I first thought maybe something was wrong with the port scanner I was using so I tried 3 different scanners and all had the same results. I was performing full tcp connect scans. so, to my question: It appears linksys has taken the 'evil port monitor' approach to security. Whereas all common server ports are open and accept a connection for the purpose of reporting/logging that this event occured. A way to report that "hey, someone just tryied to connect to you on port 80 etc..." In this scenario it accepts the connection only to report it, there is no server/service actually running. The PROBLEM with this is that you are drawing A LOT of attention to yourself on the internet for further detailed scans and possible DOS and/or exploitation of any service that may really be running. So instead of you maybe running a few services on non-standard ports that would go unoticed on the internet you are now literally screaming and yelling "hey, look at me, look at all these services I have ready for you to try to exploit". I just hooked this up and have not been able to do a lot of research yet but I remembered coming across this site so I thought I would post here first. is this normal operation of this unit? can I turn it off? did they really do this? If so I have to go buy a new router.