One of my clients is continually getting bombarded with an IP Spoofing attack. I in turn am being bombarded with emails about the attack from ISA. The offending IP address is 127.0.0.1 which of course is the local loopback address. The message I'm getting is: ISA Server detected a spoof attack from Internet Protocol (IP) address 127.0.0.1. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log. How can I determine the source of this and correct it? Thanks! Larry ---------------------------------------------- Larry Lentz, MCSE+I, MCDBA MCSE on Windows 2000 GoldMine Certified Professional Lentz Computer Services GoldMine Solutions Partner San Antonio, Texas Larry@xxxxxxxxxxxxxxxxx www.LentzComputer.NET <<Picture (Metafile)>> For networking that makes sense, count on Lentz! ----------------------------------------------