Dear All I have faced to a problem, that was strange somehow. How ISA Server do detect that there is a IP Add Spoofing on one of it's network(I the networks that it is in touch w/)? How about MAC Add spoofing? Can ISA Server detect this one? And How? (I look for algorithms) Can ISA Server make mistake in detecting in some situation and configurations? Assume that, I bind many(more than 1) IP Addresses to the external Interface and I have some in LAT and allow to access out, so Is this configuration make ISA Server detect any Spoofing attack? (U see that one MAC Address and many IP's) Regards __Radien__