Hi Larry, If you host your own DNS servers then first thing you must check is to tick 'secure cache against pollution' option and restricting zone transfers to the appropriate servers. DNS spoofing is based on cache poisoning and to further protect your external DNS servers from the risks of DoS or spoofing attack your ISA server and boundary router must be carefully configured in relation to DNS queries on port 53 (UDP). For more information on spoofing and protection from it go to site SAN Institute: http://www.sans.org Hope that helps, Sonny Mulitalo P.S How well do you know Goldmine? -----Original Message----- From: Larry Lentz [mailto:Larry@xxxxxxxxxxxxxxxxx] Sent: Thursday, 17 October 2002 1:58 p.m. To: [ISAserver.org Discussion List] Cc: Geeks; isalist@xxxxxxxxxxxxx Subject: [isalist] IP Spoofing http://www.ISAserver.org Tom, Thank you for your contributions to the ISA Server discussion list. I have a question. I am experiencing IP Spoofing attacks and don't know how to stop them. I have taken the offending IP address out of the LAT and added a packet filter to block everything from that IP address. Still it gets through. How does one combat these? Knowing they're there is not enough :-) Thanks! Larry ---------------------------------------------- Larry Lentz, MCSE+I, MCDBA MCSE on Windows 2000 GoldMine Certified Professional Lentz Computer Services GoldMine Solutions Partner San Antonio, Texas Larry@xxxxxxxxxxxxxxxxx ---------------------------------------------- ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: sonnym@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')