It doesn't; not as such. It simply doesn't recognize it as a valid request as defined in your publishing rules and refuses it on that basis. Jim Harrison MCP(2K), A+, Network+, PCG ----- Original Message ----- From: "Talley, Scott" <stalley@xxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, August 06, 2001 2:28 PM Subject: [isalist] blocking Code Red http://www.ISAserver.org Upon examining my ISA logs, I see that it has denied access approx. 20 times per day to both versions of Code Red queries. My question is.. how does it identify this request as malicious? Thank you, Scott Talley The Combined Group phone: 972.247.2621 x829 fax: 972.247.2622 e-mail: stalley@xxxxxxxxxxxxxxxxx ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')