Yesterday I enabled the Leopard firewall by selecting the "set access for specific services and applications" option. In particular, I enabled incoming connections for iChat.app and for Transmission.app. I did not specify any applications or programs other than those two. Today, as I was checking my Leopard preference panel, I noticed that a third program, a UNIX executable under the name natd, has been added to that list. This binary is located in the /usr/sbin folder, so it must be some really low-level process. Also, according to finder it has not been opened since last September. Do you have any idea how this binary made it into the firewall settings? Is it placed there by Leopard itself? Could it be a trojan or malware? Thank you.