Hi everyone, on my front end isa server on a public dmz I get a lot of spoof events from 127.0.0.1 in the last weeks. Log file entrys like: date/time 127.0.0.1 n.n.n.n Tcp 80 1609 Spoof x.x.x.x date/time 127.0.0.1 n.n.n.n Tcp 80 1739 Spoof x.x.x.x date/time 127.0.0.1 n.n.n.n Tcp 80 1447 Spoof x.x.x.x date/time 127.0.0.1 n.n.n.n Tcp 80 1924 Spoof x.x.x.x n.n.n.n = different ip addresses on public dmz x.x.x.x = external isa address I made virus scans, checked processes and network traffic but cannot find the reason for it. The LAT and ip configuration should be ok for it already worked for months without problems. Does anyone has an idea? Thank you, manfred