Hi Tom, Thanks for your input! I know 'Layer 7' is the Aplication Layer, but I was wondering if you could expand on your comment. Which alerts/reports in particular? I have both of your ISA books, Server 2000 and Server Beyond (unintentional plug). I just never get a chance to really read them thouroughly, I use them as reference. So I was wondering if you could point me to the parts I can read more about the 'Layer 7 reporting' you speak of. Which parts are of te most interest? Like you said there are just so many nasties out there, I wanna make sure ISA is doing a good job. Are you already working on your ISA 2004 Server book? :) Thanks again! Paul -------------------------------------------- Hi Paul, I ignore them. There are so many scumbags on the Internet now scanning systems that there's not much to be gained by looking at port scans. The layer 7 reporting is of more interest. Tom Thomas W Shinder www.isaserver.org/shinder ISA 2004 Beta - Get it now! http://www.microsoft.com/isaserver/beta/default.asp ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Paul [mailto:pdeen@xxxxxxxxxxxx] Sent: Wednesday, March 24, 2004 5:35 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Port Scans http://www.ISAserver.org I did not know you could search the history of this list until after I posted my first message. I think you guys have covered most of my questions, if not all. So the way I understand it now is: with streaming music and the 127.0.0.1, I am possibly recieving IP fragments, and/or delayed responce, and thats what could be triggering the port scan alert. That sound about right? I am still curious what you guys do when you recieve a port scan alert, if you just ignore them unless someting else points to an intrusion, or do you research them? If so, what tips do you have? Thanks! Paul ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to