Where does this DC live; internal or external to ISA? How is your ISA configured; single/multi-NIC, Firewall/Integrated/Cache mode, Enterprise/Standalone? Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "Mauricio Foz" <mauricio.foz@xxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, June 13, 2002 7:16 AM Subject: [isalist] Event viewer warning http://www.ISAserver.org Hi Gurus, We have a lot of this events at event viewer. the IP "50" is our W2K Domain Controler. How can i handle it? ISA Server detected a spoof attack from Internet Protocol (IP) address xxx.xx.xxx.50. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log. Thanks in Advance Mauricio mauricio.foz@xxxxxxxxxxxxxxxxx ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')