Well Jeb, Some people in the industry, higher this dude named bubba to do out packet sniffing and tracing. Sam spade does a good job at tracing as well. What you can do is look up the domain contact At internic or dotster and then email the host and inform them of suspicious or possible activity Coming from that group of ip address. Thank you, Joseph -----Original Message----- From: Watts, Jeb [mailto:Jwatts@xxxxxxxxxxx] Sent: Friday, June 11, 2004 8:16 AM To: [ISAserver.org Discussion List] Subject: [isalist] On Packet filters security etc... http://www.ISAserver.org I have been noticing what ISA is calling "port scan attacks" for the past week or so from the same IP address. I am just getting my feet wet with trying to monitor security closely and don't mean to sound like a complete idiot. (Oops! To late?) Does this mean someone is purposely scanning my ISA server for holes or could it be something non intentional? Is there really anything that can be done about it? I have already found out who owns that block of ip addresses provided the source address is not being spoofed. Does Tom's book cover questions about what the different log messages mean? Thanks! Jeb ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: josephk@xxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist