Make sure, the external IP is not inculded in LAT and if you are accessing ISA thru a Terminal, then you must manually add the route which tells ISA, that itz not a spoff address. This worked for me. Regards, Mohammed Athif Khaleel Asst.Network Engineer AlFaisaliah Group Information Technology Tel.: +966-1-461-0077 x.209 Moble.: +966-509774015 Email: mathif@xxxxxxxxxxxxxxx "Save Internet, Keep all the systems patched" Web: http://alfaisaliah.com <http://alfaisaliah.com/> -----Original Message----- From: Hamilton, Calvin [mailto:Calvin.Hamilton@xxxxxxxxxxxxxx] Sent: Friday, 28 May 2004 10:25 PM To: [ISAserver.org Discussion List] Subject: [isalist] Getting 15105 and 15108 http://www.ISAserver.org What can I do to prevent or manage these events 15105 is ISA Server detected an all port scan attack from Internet Protocol (IP) address 209.217.88.172 15108 is ISA Server detected a spoof attack from Internet Protocol (IP) address 65.116.240.1 ----------------------------------------------------- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom/which they are addressed. If you have received this email in error please notify the system manager at the following email address: sadmin@xxxxxxxxxxxxxxx <mailto:sadmin@xxxxxxxxxxxxxxx>. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Al Faisaliah Group. Internet communications cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, arrive late or contain viruses. The sender therefore does not accept liability for any errors or omissions in the context of this message, which arise as a result of Internet transmission. Finally, the recipient should check this email and any attachments for the presence of viruses. Al Faisaliah Group accepts no liability for any damage caused by any virus transmitted by this email. -----------------------------------------------------