Hi Pai, Always check the packet filter log so that you can analyze the details of the interaction. The IDS is helpful, but never replaces a pair of trained eyes. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: jagadish.pai@xxxxxxxxxxxxxxxxxxx [mailto:jagadish.pai@xxxxxxxxxxxxxxxxxxx] Sent: Tuesday, March 04, 2003 10:41 PM To: [ISAserver.org Discussion List] Subject: [isalist] All Port Scan Attack Detection http://www.ISAserver.org Hi What should be done if the following notification by isa server. ISA Server detected an all port scan attack from Internet Protocol (IP) address 61.241.82.53. For more information about this event, see ISA Server Help. Regards Pai ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')