What do you find in the IPEXT..log for those events (remember; the logs are GMT)? Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Amy Babinchak" <Amy@xxxxxxxxxxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, September 09, 2003 08:09 Subject: [isalist] RE: ISA Detects Port Scan from IP, It's MY IP?? http://www.ISAserver.org I have the same thing on one ISA implementation. I have not been able to figure out the cause. But is hasn't caused any problems either. I've checked the network configuration, the LAT, the DSL router, and I'm using the same ISP at other locations with ISA server so I know its not an ISP issue either. I'll be interested in solutions to it as well. By chance is your ISA server on an SBS machine? Amy Babinchak Technology Consultant Harbor Computer Services (248) 546-6056, (248) 890-1794 -----Original Message----- From: Rod Buike [mailto:rodb@xxxxxxxxxx] Sent: Tuesday, September 09, 2003 11:02 AM To: [ISAserver.org Discussion List] Subject: [isalist] ISA Detects Port Scan from IP, It's MY IP?? http://www.ISAserver.org Event Type: Warning Event Source: Microsoft ISA Server Control Event Category: Packet filter Event ID: 15105 Date: 9/9/2003 Time: 9:57:38 AM User: N/A Computer: PROXY Description: ISA Server detected an all port scan attack from Internet Protocol (IP) address xxx.xxx.xxx.xxx. For more information about this event, see ISA Server Help. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 1f 00 00 00 .... Where xxx.xxx.xxx.xxx is MY external IP address. I get one of these pop up in my Event Viewer every 30-45 minutes. What could cause this, any resolution? Rod B ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^* All mail from this domain is virus-scanned with RAV. www.ravantivirus.com ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*