Marcio, That looks like a Nimda scan hitting your ISA server. Is the source IP internal or external? If internal, shut that host down. If external, make sure that ALL your IIS enabled devices are secured, and trying filtering/deny all requests with the those Nimda particular requests, like cmd.exe etc... Configure your ISA server, and if possible, your perimeter routers to filter/drop that stuff. 'Luck. -----Original Message----- From: Marcio Monteiro [mailto:mmonteiro@xxxxxxxxxx] Sent: Monday, July 29, 2002 10:27 AM To: [ISAserver.org Discussion List] Subject: [isalist] Isa log WEBD20020729.log http://www.ISAserver.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible.