I'm getting a lot of IP spoofing alerts. No IP addresses are being spoofed, but what I am finding is that broadcasts to 255.255.255.255 on the internal nics of multihomed devices are making it to the DMZ portion of the network and triggering the alarms on the ISA server. Has anyone seen this and if so, is there a way to stop Windows 2000 multihomed boxes from broadcasting internal traffic on both nics? Thanks! Steve Bostedor