What are the IPs this traffic is going to? What ISA log entries show this traffic? Do you use ISA Caching (cache or Integrated mode)? Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! http://www.ISAserver.org Hi All, I need your help with a problem and I hope somebody is willing/able to help me. Since today I noticed a considerable drop in my internet connection speed. While investigating the problem I found that some program is trying to make a lot of TCP connections to a far smaller number of IP adresses somewhere in the US. The connection attempts are made over a wide range of portnumbers. My problem is that I cannot determine which program is making al these connection attempts. Netshield cannot detect any virus, neither have I found any spyware. An initual search through the directory structure of the server running isa didn't come up with any strange software. As far as I can tell all these request are initiated on the server running isa. I'm probably missing something very simple, butt can anyone tell me how i can find out which program is the source of all this? Thanks, Fokke Sijbrandij ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')