Hi Arthus, If you have a double entry for destination 0.0.0.0 in your ISA Server's routing table, that will cause the false spoofing that you seem to be experiencing. Kelli -----Original Message----- From: Lim, Arthus T. [mailto:alim@xxxxxxxxx] Sent: Thursday, June 05, 2003 4:34 AM To: [ISAserver.org Discussion List] Subject: [isalist] Spoof Attack http://www.ISAserver.org ISA Server detected a spoof attack from Internet Protocol (IP) address 203.167.103.38. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log. I received a lot of this alert messages lately. How can I avoid spoof attack? ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: kirwin@xxxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')