That needs to be a judgment call on your part. If you see a lot of oddball (i.e., you don't publish that service) requests from a particular IP, then you need to do some sleuthing. Do : 1. a ping -a against the IP 2. an nslookup against it 3. a whois against it Basically, you have to learn the difference between truly malicious activity and normal network noise. http://www.samspade.org offers a free tool that makes this kind of research comparatively brain-dead. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Sean Faust" <sfaust@xxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, February 18, 2003 10:01 Subject: [isalist] Blocking External IP Addresses http://www.ISAserver.org Good Afternoon All, When reviewing the logs and noticing repeated All Port Scans from a particular IP Address is it a good idea and is it possible to have the external interface refuse any connection attempts by that IP address? and if so what is the most efficient way to block an external IP address from hitting the external interface? Thanks Sean Faust Director, Network Services American Red Cross Atlanta Chapter Office (404) 575-3123 Cell(404) 909-0778 sfaust@xxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')