Hello Friends, I have been checking my ISA Server log files because I'm receiving a lot of alerts about IP Spoofing and IP Half Scan Attacks. I found the following suspicious entries in a log file called IPPEXTD20010814: #Fields: date time source-ip destination-ip protocol param#1 param#2 tcp-flags filter-rule interface ip-header payload 14/08/2001 20:58:41 128.2.24.41 200.14.207.98 Tcp 21 21 FIN SYN IpHalfScan 200.14.207.98 45 00 00 28 9a 02 00 00 1c 06 d5 31 80 02 18 29 c8 0e cf 62 00 15 00 15 6b 4a b1 1f 71 44 96 13 50 03 04 04 58 55 00 00 14/08/2001 22:09:57 200.14.207.98 200.14.207.98 ICMP 8 0 - Spoof 200.14.207.98 45 00 00 3c 7d 36 00 00 7b 01 93 a8 c8 0e cf 62 c8 0e cf 62 08 00 2c 5c 01 00 20 00 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69 Could you help me to understand that entries ?? Could you explain me how these attacks work ?? How can I block these attacks ?? Thanks for your help, CARLOS MAURICIO PEREZ C. Technical Support s: mauriciop@xxxxxxxxxxxx SoloSoft Ltda.