Inline... Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "Lim, Arthus T." <alim@xxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, July 01, 2002 1:09 AM Subject: [isalist] Re: Spoof attack http://www.ISAserver.org Here's my ISA configuration: Packet Filters: DNS Filter allow ICMP Outbound allow ICMP Ping Response (in) block -- not needed if you have packet filtering on ICMP Source Quench allow ICMP Timeout in allow ICMP unreachable in allow POP3 allow -- are you using these protocols at or behind the ISA? Under General tab, enable packet filtering is checked, enable intrusion detection is checked. Under Intrusion detection tab, all are checked Here's one Application Log Warning Message I got: ISA server detected a spoof attack from Internet Protocol (IP) address 64.85.13.100. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log. Hope you can help me with this. Thanks -- I still need to see the ipconfig/all for the ISA server... -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Monday, July 01, 2002 8:10 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Spoof attack http://www.ISAserver.org What does the ISA ipconfig/all look like? Most often, this entry is caused by misconfigured interfaces. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "Lim, Arthus T." <alim@xxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Sunday, June 30, 2002 6:20 AM Subject: [isalist] Spoof attack http://www.ISAserver.org When I enable the Packet Filtering Option, the log says that I'm having spoof attack and the users couldn't be able to use the internet. What should I do to prevent this? ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: alim@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')