> I'm less concerned about the IP spoofing attack method than I am curious > about this TAP tool. Does anyone have any detailed/technical information > on this in particular? I don't think this is anything special to be worried about. Once someone has root, they can use this tool to clone ttys and break into more systems. The way I look at it, once the hacker has root, the gig is up anyways. The measures described to prevent this (disabling loadable kernel modules) seem pointless -- if the attackers have root, they can rebuild the kernel to do anything they want. I found tap via archie -- search for tap-1.24. It may be an older version. ...Eric