Hi to you all,

Thanks for all the helpful information that can be gained from this list.

I have a situation that is causing me some concern. I have an ISA server behind a Cisco PIX. Our DNS server is on the internal LAN. It uses forwarders (through the ISA and the PIX) to resolve external URLs. The ISA server uses our internal DNS server.

However, every now and then, about three times a day, the ISA server alerts me to an all port scan on its external interface from the external DNS resolver (remember the ISA is behind the PIX). I have Netmon and a syslog server running between the PIX and ISA (in the DMZ). The syslog from the PIX also shows that there appear to be many attempts to access our site from the DNS resolver. There also do not appear to be any requests initiated from inside...

The ISP swears that they do not have a problem... I then went to plan two and changed from the resolvers we were using to another company's resolver... Everything went well for several weeks; now I have the problem again...

Does anyone have any light that they can shed on this? Is this common?

Regards

Don McCall
Email: dmccall@xxxxxxxxxx
Infrastructure Administrator - Information Systems
Baptist Community Services NSW & ACT
Telephone: (02) 9941 6049
Fax: (02) 9889 1520
Address: Corporate Services - 157 Balaclava Road Marsfield NSW