Steve thatz never a solution... I had rather check the LAT and see if the ISA is accessed over terminal and that IP entry is not listed in the routing table. NO offence intended :-) Regards, Mohammed Athif Khaleel Asst.Network Engineer AlFaisaliah Group Information Technology Tel.: +966-1-461-0077 x.209 Moble.: +966-509774015 Email: mathif@xxxxxxxxxxxxxxx "Save Internet, Keep all the systems patched" Web: http://alfaisaliah.com <http://alfaisaliah.com/> -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Friday, 28 May 2004 11:40 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Getting 15105 and 15108 http://www.ISAserver.org turn off the alerts.. Steve _____ From: Hamilton, Calvin [mailto:Calvin.Hamilton@xxxxxxxxxxxxxx] Sent: Friday, May 28, 2004 4:25 PM To: Isa Weblist Subject: [isalist] Getting 15105 and 15108 http://www.ISAserver.org What can I do to prevent or manage these events 15105 is ISA Server detected an all port scan attack from Internet Protocol (IP) address 209.217.88.172 15108 is ISA Server detected a spoof attack from Internet Protocol (IP) address 65.116.240.1 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: steve@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mathif@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') _____ This E-Mail is confidential. It is not intended to be read, copied, disclosed or used by any person other than the recipient named above. Unauthorised use, disclosure, or copying is strictly prohibited and may be unlawful. Optimum IT Solutions disclaims any liability for any action taken in connection of this E-Mail. The comments or statements expressed in this E-Mail are not necessarily those of Optimum IT Solutions or its subsidiaries or affiliates. <mailto:administrator@xxxxxxxxxxxxxxxxxxxxxxxxxx> administrator@xxxxxxxxxxxxxxxxxxxxxxxxxx _____ ----------------------------------------------------- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom/which they are addressed. If you have received this email in error please notify the system manager at the following email address: sadmin@xxxxxxxxxxxxxxx <mailto:sadmin@xxxxxxxxxxxxxxx>. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Al Faisaliah Group. Internet communications cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, arrive late or contain viruses. The sender therefore does not accept liability for any errors or omissions in the context of this message, which arise as a result of Internet transmission. Finally, the recipient should check this email and any attachments for the presence of viruses. Al Faisaliah Group accepts no liability for any damage caused by any virus transmitted by this email. -----------------------------------------------------