Calvin This is only an indication of ISA performing its job. This alert is not telling you that the port scan has been successful in finding holes in any way. The thing you want to be able to stop is people using malformed packets and dos attacks against any services running on you network which might show up in a port scan. For instance of course port 80 will show as open, that's a given, but how you protect it plays a big part. That's where smart firewalls and things like urlscan come into it. If you get annoyed with the alerts, as Steve said turn them off, or email them to another mailbox. Greg ________________________________ From: Hamilton, Calvin [mailto:Calvin.Hamilton@xxxxxxxxxxxxxx] Sent: Saturday, May 29, 2004 5:25 AM To: [ISAserver.org Discussion List] Subject: [isalist] Getting 15105 and 15108 http://www.ISAserver.org What can I do to prevent or manage these events 15105 is ISA Server detected an all port scan attack from Internet Protocol (IP) address 209.217.88.172 15108 is ISA Server detected a spoof attack from Internet Protocol (IP) address 65.116.240.1 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gmulholland@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')