Hi Radien, You shuld define those entries which are in LAT in Windows Routing Table also + you get to see spoofing if the external ip address is being accessed by the clients or if you someone is accessing ISA from a different subnet. IF thatz the case, you need to add that subnet in LAT as wellas Routing Table. Good Luck, Athif -----Original Message----- From: radien@xxxxxxxxx [mailto:radien@xxxxxxxxx] Sent: Tuesday, 20 April 2004 8:17 PM To: [ISAserver.org Discussion List] Subject: [isalist] Spoof detection mechanism of ISA Server http://www.ISAserver.org Dear All I have faced to a problem, that was strange somehow. How ISA Server do detect that there is a IP Add Spoofing on one of it's network(I the networks that it is in touch w/)? How about MAC Add spoofing? Can ISA Server detect this one? And How? (I look for algorithms) Can ISA Server make mistake in detecting in some situation and configurations? Assume that, I bind many(more than 1) IP Addresses to the external Interface and I have some in LAT and allow to access out, so Is this configuration make ISA Server detect any Spoofing attack? (U see that one MAC Address and many IP's) Regards __Radien__ ----------------------------------------------------- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom/which they are addressed. If you have received this email in error please notify the system manager at the following email address: sadmin@xxxxxxxxxxxxxxx <mailto:sadmin@xxxxxxxxxxxxxxx>. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Al Faisaliah Group. Internet communications cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, arrive late or contain viruses. The sender therefore does not accept liability for any errors or omissions in the context of this message, which arise as a result of Internet transmission. Finally, the recipient should check this email and any attachments for the presence of viruses. Al Faisaliah Group accepts no liability for any damage caused by any virus transmitted by this email. -----------------------------------------------------