Spoof Attack ?What is in the IP log for that same date/time? It'll tell you what the actual source IP was in the packet. Jim Harrison MCP(2K), A+, Network+, PCG ----- Original Message ----- From: Thum Chee Weng ; Ronnie To: [ISAserver.org Discussion List] Sent: Thursday, September 13, 2001 17:31 Subject: [isalist] Spoof Attack ? http://www.ISAserver.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------------------------------------------------------------------------------ hi, I'm getting a number of spoof attack alerts originating from my internal IP range. Can anybody help me to explain why ? - ronnie - MCP, MCP+I, MCSE -----Original Message----- From: ISASERVER [mailto:ISASERVER] Sent: None To: Thum Chee Weng, Ronnie Subject: ISA Server alert: The IP packet source address is not valid. ISA Server name: MY_ISA ISA Server detected a spoof attack from Internet Protocol (IP) address aaa.bbb.ccc.ddd. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log. ------------------------------------------------------------------------------ ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')