Hi All, I am relatively new to this "game" so please take it easy on me. :-) I am getting almost endless Application Log Warning messages. We will get these Application Event Log Warnings over several hours, as few as 1 or 2 a minute and as many as 1 every second: "ISA Server detected a spoof attack from Internet Protocol (IP) address xxx.xxx.xxx.xxx. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log." This sometimes causes an interruption of Internet service. If I try to reach a Web Site the browser will error-out. When it does I will then get this Application Event Log Error: "The ISA Server services cannot create a packet filter xxx.xxx.xxx.xxx. This event occurs when there is a conflict between the Local Address Table (LAT) configuration and the Windows 2000 routing table. Check the routing table and the LAT to find the source of the conflict." The pattern is then that the Spoof messages will stop for a bit... then the whole cycle will start over. Could this be caused by our network being configured incorrectly? Are there tools available that I can use to figure this out? Is this just a plain ol' Spoof Attack? I will add that we are running our own Exchange Server and also hosting our own Web Site. Any help will be appreciated. Thanks, Kelli M. Irwin