Re: ISA - internal interface broadcasting on external interface ?

  • From: "David Elmquist" <david@xxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 14 May 2002 18:03:13 +0200

I've once weeded DHCP broadcasts hitting my external from the logs
by creating a packet filter to block the traffic and specify no logging:

 Packet Filter Name : DHCP BC

        Enabled : True
        Filter Mode : Block
        Filter Type : Custom
        Protocol : UDP
        Direction : Inbound and Outbound
        Local Port : 68
        Remote Port : 67
        Local Computer Filter Applies to this IP : 0.0.0.0
        Remote Computer Filter Applies to Host: "originating IP here"

I agree that it would be best to find the source of the broadcasts,
but I'm pretty sure that it could be removed from the logs by tweaking
the above filter.

 David Elmquist

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: 14 May 2002 17:01
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA - internal interface broadcasting on external interface ?

http://www.ISAserver.org


ISA blocks all broadcast traffic, so there's nothing you can do about
that type of log entry.
Things to check:
1. are both subnets (int/ext) operating from the same switch/hub?
2. does the ISA also provide DHCP services?


Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: "Tom Chadwick" <tom_chadwick@xxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, May 14, 2002 6:02 AM
Subject: [isalist] ISA - internal interface broadcasting on external interface ?



I have an ISA server in secure standalone mode using 10.x.x.x internally.
The logs (by inspecting the raw data) indicate that the internal interface
is broadcasting (255.255.255.255 UDP port 67/68) on the external interface.
Also this traffic is shown as being blocked. I would like to resolve this
as a) it is adding to the log file size and b) I can't see where the BLOCK
is coming from.

Thanks

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
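
Added example, not part of the thread and not written by any of its participants: one way to work out where the DHCP broadcasts in the log come from before deciding whether to filter them, by tallying blocked UDP 67/68 broadcasts per interface, direction and source IP. The log layout, field names and sample records are constructed for illustration and are assumptions, not the exact ISA packet filter log schema.

```python
from collections import Counter

# Constructed sample in W3C extended log style. Field names and order are
# assumptions for illustration, not the exact ISA packet filter log schema.
SAMPLE_LOG = """\
#Fields: date time source-ip destination-ip protocol src-port dst-port action interface-ip
2002-05-14 09:00:01 0.0.0.0 255.255.255.255 Udp 68 67 BLOCKED 192.0.2.10
2002-05-14 09:00:03 10.0.0.5 255.255.255.255 Udp 67 68 BLOCKED 192.0.2.10
2002-05-14 09:00:09 0.0.0.0 255.255.255.255 Udp 68 67 BLOCKED 192.0.2.10
2002-05-14 09:00:11 198.51.100.7 192.0.2.10 Tcp 40000 80 BLOCKED 192.0.2.10
2002-05-14 09:00:15 10.0.0.5 255.255.255.255 Udp 67 68 BLOCKED 10.0.0.1
"""

def parse(text):
    """Yield one dict per record, taking column names from the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated records
                yield dict(zip(fields, values))

def dhcp_kind(rec):
    """Classify a record as a DHCP client or server broadcast, else None."""
    if rec["protocol"].lower() != "udp":
        return None
    if rec["destination-ip"] != "255.255.255.255":
        return None
    ports = (rec["src-port"], rec["dst-port"])
    if ports == ("68", "67"):
        return "client-request"  # client side; source is often 0.0.0.0
    if ports == ("67", "68"):
        return "server-reply"    # server side; source is the DHCP server
    return None

def summarize(text):
    """Count DHCP broadcasts per (interface IP, kind, source IP)."""
    tally = Counter()
    for rec in parse(text):
        kind = dhcp_kind(rec)
        if kind:
            tally[(rec["interface-ip"], kind, rec["source-ip"])] += 1
    return tally

if __name__ == "__main__":
    for (iface, kind, src), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  iface={iface}  {kind:14s}  src={src}")
```

A server-reply row whose source is an internal 10.x address but whose interface is the external one points at the two checks listed above: a shared switch/hub, or DHCP running on the ISA machine itself.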




