Hello Guys, I'm having many problems with my ISA Server because it seems someone is sending IP spoofing attacks. My event log is filling with the following event: ISA Server detected a spoof attack from Internet Protocol (IP) address X.X.X.X (external IP of ISA Server). A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log. We have our Web Site published through ISA Server and when the attack occurs, people on the Internet cannot access our web page. They get the following error: 403 Forbidden (12202), but if they try to access the web site by using its IP address ( http://IP_Address/) it loads correctly. It's very strange because if I try to ping our website (ping www.domain.com) in that moment I get a response from an unknown IP address. I'm not sure if this could be related with Code Red (however IIS 5.0 is not installed on our ISA Server). Sincerely I don't know what to do. Could you give me a little help ???. Thanks a lot, CARLOS MAURICIO PEREZ C. Technical Support Å: mauriciop@xxxxxxxxxxxx SoloSoft Ltda.