On your ISA server, navigater to the install directory of the ISA server. The default is c:\program files\Microsoft ISA Server and open the logfiles directory. In the log directory there will be log files starting with IPP... these are the packet filter logs. Look for any attempt from an external address on UDP port 1434. (I will give two to one odds on a ten dollar bill, that if you are on a broadband or similar connection you will find some of these entries.) HTH Kevin -----Original Message----- From: Raji Arulambalam [mailto:rajia@xxxxxxxxxxxxxx] Sent: Monday, January 27, 2003 9:02 PM To: [ISAserver.org Discussion List] Subject: [isalist] SQSlammerL DoS Worm http://www.ISAserver.org Hi Guys How would I check if the above worm tried to attack the ISA server. We do not publish or have SQL on the ISA server itself so am not worried, but I would like to know.!! Thanks --------------------------------------------- Raji Arulambalam Systems Administrator Environment Bay of Plenty P O Box 364 Whakatane. NEW ZEALAND -------------------------------------------- ****************************************************** This e-mail has been checked for viruses and no viruses were detected. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: kevin@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')