Hi everyone,

I'm sure almost all of you have encountered an ISA Alert like this:

ISA Server detected a well-known port scan attack from Internet Protocol (IP) address xxx.xxx.xxx.xxx. A well-known port is any port in the range of 1-2048.

... and many other types of intrusion attempts. It's good that ISA is doing its job pretty well (or is it?). But what else can be done to prevent future and repeated attempts from attacking your network? Is there a "proactive" way of doing this?

I have been getting ISA Port Scan Alerts that come from the same IP consistently for the past 3 days. Any help or insight is appreciated.

Thanks in advance.

Marc