How d o you know if the ISA server is getting requests from other infected machines out on the internet? Also My ISA server doesnt run IIS so do i need to install the IIS lockdown? and URL scan? what other patches might i need for protection? Thanks for any help Sincerely