Hi Group, If anyone could Help me understand what I am looking for when I work with ISA please: 1. I have intrusion detection configured to email me. When I get an email saying that I am experiencing an ALL PORT SCAN, does this mean someone is specifically trying to get into my system, or are they simply scanning an IP range to see who is open for business? (Isa connected to cable modem) 2. When I look at the logs, what is a red flag that someone has broken down the door? 3. If I see an IP address scanning my system that looks like an internal address, is this what they call IP spoofing, and I would not be able to trace back who it is? 4. I have used port scan on .grc.com and it shows me in stealth mode on my ports. Am I safe to assume I have configured ISA correctly so I am somewhat invisible on the net? Thanks for everyone's help Kapt Kirk MCP NT4 MCP Windows 2000 A+ kaptinkirk@xxxxxxxxxx more from the Web. FREE MSN Explorer download : http://explorer.msn.com