Hi, My ISA server is sending an alert as follows ISA Server detected a spoof attack from Internet Protocol (IP) address 10.34.251.1. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log. If I understand this, someone is trying to pretend to be on my internal network. Firstly, am I right in assuming ISA will just drop this packet. Secondly, how is someone spoofing a private IP range? I.e. I thought that an external router would discard any packet with a reserved address range. Cheers, John