Well, guess I'll just pitch my two cents in. If you don't allow users to set up their own .rhosts files, or you disable them completely, then you lose what makes the r commands so wanted by people... transparency. They like them because they don't have to type a user name and passwd to log into other machines. Now if this disappears then rlogin is a beefed up telnet. Therefore you must a) allow your users to use them and simply drop all incoming packets to any ports where the r daemons hang at the router, or b) don't allow them at all. In a university setting a) is probably fine, while a business would probably go with b). Like I said, just my $0.02.

a1
http://dfw.net/~aleph1
Uebercrackers Security Web