Some details of your network and the error are appropriate.

ISA determines "spoof" by comparing the source IP of the received packet to the Windows routing table and the address assignments of the network where the packet was received. If the combined data doesn't agree, ISA calls "spoof".

________________________________

From: James [mailto:jmay@xxxxxxxxxx]
Sent: Thu 3/2/2006 11:15 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] spoof attack

Hello,

I keep getting this error message under the alerts in the monitoring tab on ISA 2004 server. The message is: ISA server detected a spoof attack from internet protocol listing the ip address xxx.xxx.xxx.xxx which is my internal sbs2000 server. I have ISA 2004 running on a separate box.

Thanks
Jim
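
The check described in the reply above, as an added example that is not part of the original thread and is not ISA Server's own code: a simplified Python model in which a packet passes only if both the routing table and the network address ranges place its source address on the adapter it arrived on. The adapter names, routes and address ranges are constructed sample data.

```python
import ipaddress

# Constructed sample data (assumptions, not from the thread): the routes that
# point out of each adapter and the address ranges assigned to each network.
ROUTES = [("0.0.0.0/0", "external"), ("192.168.16.0/24", "internal")]
RANGES = {"internal": ["192.168.16.0/24"], "external": []}


def route_adapter(src, routes):
    """Adapter the routing table uses to reach src (longest prefix wins)."""
    ip = ipaddress.ip_address(src)
    hits = [(ipaddress.ip_network(p), a) for p, a in routes
            if ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def owning_network(src, ranges):
    """Network whose assigned ranges contain src; unclaimed means external."""
    ip = ipaddress.ip_address(src)
    for name, nets in ranges.items():
        if any(ip in ipaddress.ip_network(n) for n in nets):
            return name
    return "external"


def classify(src, arrived_on, routes=ROUTES, ranges=RANGES):
    """Return 'ok', or a 'spoof: ...' string naming which table disagrees."""
    by_route = route_adapter(src, routes)
    if by_route != arrived_on:
        return (f"spoof: route to {src} uses {by_route}, "
                f"packet arrived on {arrived_on}")
    by_range = owning_network(src, ranges)
    if by_range != arrived_on:
        return f"spoof: {src} belongs to network {by_range}, not {arrived_on}"
    return "ok"


if __name__ == "__main__":
    # A host on a second internal subnet that neither table knows about.
    print(classify("10.0.5.10", "internal"))
    # Route added, address range still missing.
    routes = ROUTES + [("10.0.5.0/24", "internal")]
    print(classify("10.0.5.10", "internal", routes))
    # Both tables agree.
    ranges = {"internal": ["192.168.16.0/24", "10.0.5.0/24"], "external": []}
    print(classify("10.0.5.10", "internal", routes, ranges))
```

The result string names the table that disagreed, which are the two things to compare against the source address in the alert.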