Hi VenKat What host is the 192.168.68.55 host? Where does it reside on the network? Check out http://support.microsoft.com/default.aspx?scid=kb;en-us;Q288396 Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "Venkat" <venkat.r@xxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, April 09, 2002 3:26 AM Subject: [isalist] Spoof Attack http://www.ISAserver.org hi, iam using Isa server to which also acts as domain login server.these are the errors i found in event viewer.i've also copied the routing table.can anybody pls help me rectify this. Event Type: Warning Event Source: Microsoft ISA Server Control Event Category: Packet filter Event ID: 15108 Date: 4/5/2002 Time: 11:45:45 AM User: N/A Computer: CONSOLE Description: ISA Server detected a spoof attack from Internet Protocol (IP) address 192.168.68.55. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log. Data: 0000: 1f 00 00 00 .... Event Type: Error Event Source: Microsoft Web Proxy Event Category: None Event ID: 14120 Date: 4/5/2002 Time: 2:55:44 PM User: N/A Computer: CONSOLE Description: The ISA Server services cannot create a packet filter 202.9.151.5. This event occurs when there is a conflict between the Local Address Table (LAT) configuration and the Windows 2000 routing table. Check the routing table and the LAT to find the source of the conflict. Data: 0000: 41 01 00 c0 A..À C:\Documents and Settings\Administrator>netstat -r Route Table =========================================================================== Interface List 0x1 ........................... MS TCP Loopback interface 0x4000002 ...00 02 b3 24 ff ce ...... Intel(R) PRO Adapter (Microsoft's Packet Scheduler) 0x8000003 ...00 b0 d0 d0 8b 4a ...... Intel 8255x-based Integrated Fast Ethernet (Microsoft's Packet Scheduler) =========================================================================== =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 202.9.151.1 202.9.151.5 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 192.168.68.0 255.255.255.0 192.168.68.1 192.168.68.1 1 192.168.68.1 255.255.255.255 127.0.0.1 127.0.0.1 1 192.168.68.255 255.255.255.255 192.168.68.1 192.168.68.1 1 202.9.151.0 255.255.255.0 202.9.151.5 202.9.151.5 1 202.9.151.5 255.255.255.255 127.0.0.1 127.0.0.1 1 202.9.151.255 255.255.255.255 202.9.151.5 202.9.151.5 1 224.0.0.0 224.0.0.0 192.168.68.1 192.168.68.1 1 224.0.0.0 224.0.0.0 202.9.151.5 202.9.151.5 1 255.255.255.255 255.255.255.255 202.9.151.5 202.9.151.5 1 Default Gateway: 202.9.151.1 =========================================================================== Persistent Routes: None C:\Documents and Settings\Administrator>netstat -s IP Statistics Packets Received = 2935055 Received Header Errors = 0 Received Address Errors = 2819 Datagrams Forwarded = 93487 Unknown Protocols Received = 0 Received Packets Discarded = 83102 Received Packets Delivered = 1270312 Output Requests = 1475311 Routing Discards = 0 Discarded Output Packets = 12185 Output Packet No Route = 0 Reassembly Required = 50 Reassembly Successful = 16 Reassembly Failures = 9 Datagrams Successfully Fragmented = 9 Datagrams Failing Fragmentation = 0 Fragments Created = 18 ICMP Statistics Received Sent Messages 43443 44288 Errors 1 0 Destination Unreachable 4249 2739 Time Exceeded 8 0 Parameter Problems 0 0 Source Quenches 0 0 Redirects 0 0 Echos 13876 27673 Echo Replies 25309 13876 Timestamps 0 0 Timestamp Replies 0 0 Address Masks 0 0 Address Mask Replies 0 0 TCP Statistics Active Opens = 31860 Passive Opens = 22039 Failed Connection Attempts = 5893 Reset Connections = 13759 Current Connections = 40 Segments Received = 977850 Segments Sent = 1230236 Segments Retransmitted = 21211 UDP Statistics Datagrams Received = 2243481 No Ports = 6275 Receive Errors = 0 Datagrams Sent = 179383 ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')