Can anyone tell me why the Nachi worm brings my ISA firewall to it's knees, I have ICMP disabled outgoing but as soon as I get a machine behind the firewall with Nachi on it the firewall service goes to 100%, the server looks like it's dead but it's not, disconnect the internal NIC and it comes back to life straight way, even if I disable my DNS server (behind the firewall) it still stays at 100%, so it's not ICMP and it's not DNS, so what is it and more importantly how come ISA chokes on it so easily ? I could understand ISA choking on 100 Nachi boxes on a 100Mb internal link but yesterday I had 2 infected machines behind the firewall connected over a 128Kb link taking the firewall service to 100% ?? I have even turned off logging and anything else that might use up CPU, still the same happens. I am seriously considering changing firewalls. Cheers Phill Phill Hardstaff MCSA, CCNA, A+, Network+, Inet+, Server+, CIW Assoc. Senior Support Engineer Secretariat of the Pacific Community B.P. D5 Noumea Cedex - 98848 New Caledonia Phone +687-260141 Mobile +687 838091 Fax +687-263818 Email phillh@xxxxxxx SPC Web Page http://www.spc.int/ Personal Web Page http://www.hardstaff.com/ Personal Email Phill@xxxxxxxxxxxxx Personal Fax +1 (603) 299-5640 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.542 / Virus Database: 336 - Release Date: 18/11/2003