Hello all, my IP Packet filter logs are being filled up with records of the kind .. 2002-10-25 07:05:47 xxx.xxx.xxx.xxx 192.168.52.1 Tcp 139 1921 ACK BLOCKED ... 2002-10-25 07:05:47 xxx.xxx.xxx.xxx 192.168.110.1 Tcp 139 1922 ACK BLOCKED ... 2002-10-25 07:06:12 xxx.xxx.xxx.xxx AAA..AAA..AAA.AAA Udp 1027 137 - BLOCKED ... 2002-10-25 07:06:13 xxx.xxx.xxx.xxx BBB.BBB.BBB.BBB Udp 1027 137 - BLOCKED ... where AAA.AAA.AAA.AAA and BBB.BBB.BBB.BBB are the IP's of ISA on the external interface and xxx.xxx.xxx.xxx various IP's from the outside world Also, the internal IP's shown above do not exist in my organization nor are part of the ISA LAT conffiguration. All these are being reported by ISA as all port scan attacks or well-known port scan attacks. Is it really so or am I missing something ? (.. does it have anything to do with the NetBIOS settings configured on ISA?) Thanks in advance. George E. Sartzetakis Information Systems Engineer Interworks Ltd. 60 Vrilissou Str., Athens 114 76 Tel.: +30 10 6400437, +30 10 6456596 Fax: +30 10 6471048 URL: <http://www.interworks.gr/> http://www.interworks.gr Email: <mailto:g.sartzetakis@xxxxxxxxxxxxx> g.sartzetakis@xxxxxxxxxxxxx