| Event Id | 15108 |
| Source | microsoft firewall client |
| Description | ISA Server detected a spoof attack from Internet Protocol (IP) address IP address. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log. |
| Event Information | "According To Microsoft:" CAUSE This issue may occur if the routing table on the ISA Server computer is different from the ISA Server configuration. In this scenario, any traffic that is sent from or to the IP addresses that appear in the events from the "Symptoms" section is dropped by ISA Server. ISA Server considers this traffic as spoofed. This issue may occur if all the following conditions are true: • You have a router that connects to an internal interface of the ISA Server computer. • You manually add the internal IP address range of that router to the IP address range of the network that is configured for this internal interface of the ISA Server computer. • A user tries to connect from the internal interface of that router through ISA Server to an external resource. RESOLUTION: For The Complete Solution Refer The Following Link: |
| Reference Links | Client computers cannot access external resources, and event ID 14147 appears in the Application log in ISA Server 2004 |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.