Hello folks, this is my first posting to the list and I am an ISA newbie, so be gentle! My setup: --------- Home network. Win2K server and Professional, with SP2 and SRP1. ISA server with SP1, connected via 512k ADSL modem. ISA rules I have configured are all outbound to be allowed, all inbound to be denied unless requested from the ISA server as an outbound request. Up to date virus signatures that have detected no viruses. Pest scanner (Pest Patrol 3.1 eval) that has detected no Trojans. The scenario: ------------- Among other things I run Morpheus that uses the default port 6346. Since about 3 weeks ago, *every* time I use morpheus to up\download a file, my ISA server stops responding and has to be cold booted to recover. The event viewer shows an 'unexpected shutdown' and little else. I have seen a few half scan attempts but they do not happen at the same time as the crashes. ISA Firewall log shows a list of the IP addresses that have been trying to make contact. In honesty I'm not up to speed on interpreting these logs and I've not yet had time to dig deep into ISA. My guess is that the port I am using is being used to get into the network and either bomb my machine with some type of DOS attack, or there is a remote control Trojan somewhere. None of the machines behind ISA have been affected. I realise that the filesharing app throws up it's own discussion, but this is a home network and let's say I'm using the app to share my resume ;) Has anyone seen this or a similar type of scenario (i.e. with a business related or more 'reputable' app than Morpheus). Can you suggest what I should look into or do to protect this, other than removing Morpheus, which will be the next step. Many thanks, Mike.