Examine your Program Files\Microsoft ISA Server\ISALogs\IP...log for the source IP and the IP it was detected on. If it seems like an unlikely combination (private IP on the ISA external interface, for instance), it's probably a real spoof and you've nothing to fear.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!

----- Original Message -----
From: "Lim, Arthus T." <alim@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, June 06, 2002 11:24 PM
Subject: [isalist] Spoof Attack

Hi!
What are the things that I should do when under spoof attack?