If you saw an alert, ISA already dropped that traffic.
Unless you're creating a packet filter to drop all traffic from a source, you're just being redundant.
You can't prevent attacks, and if you have ISA configured properly, they'll play hell getting past it.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/pages/author_index.asp?aut=3
http://jalojash.org/isatools
Read the books!

----- Original Message -----
From: "Vinaykumar G" <G.VINAY@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Sunday, August 25, 2002 8:37 PM
Subject: [isalist] IP Half Scan Attack

http://www.ISAserver.org

Hi All,

I have got this in my event logs and in the Alerts of ISA Server. The IP is from another country. I have created a packet filter to block traffic from this IP. What else can we apply to stop such attacks? Please confirm.

Regards,
Vinay.

ISA Server name: xxxxx
ISA Server detected an Internet Protocol (IP) half-scan attack from IP address xxx.xxx.xx.xx
For more information about this event, see ISA Server Help.