You need to review the packet filter logs for that time (remember to account for GMT logging). The actual traffic is located there. By default, ISA logs to %ProgramFiles%\Micorosoft ISA Server/ISALogs Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -----Original Message----- From: Ruba Al Omari, Eng. [mailto:romari@xxxxxxxxxxxxxxxxx] Sent: Wednesday, November 24, 2004 12:12 AM To: [ISAserver.org Discussion List] Subject: [isalist] FW: ISA Server alert: An intrusion was attempted by an external user. http://www.ISAserver.org Hi I have 2 arms ISA2000, one NIC connected to switch with a netscreen device (10.255.1.2) and the other arm is connected to internal LAN. I keep getting these notifications almost every few minutes; from the interface that is connected to the netscreen LAN which only has 2 devices connected to this LAN the ISA and the netscreen. I know the ISA is not infected, could there be any other reason for this? Thanks for any help Ruba Al-Omari -----Original Message----- From: 9000-srv [mailto:9000-srv] Sent: Wednesday, November 24, 2004 10:06 AM To: DAH Technical Support Subject: ISA Server alert: An intrusion was attempted by an external user. ISA Server name: 9000-SRV ISA Server detected an all port scan attack from Internet Protocol (IP) address 10.255.1.2. For more information about this event, see ISA Server Help. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.