Christopher Klaus says: > Probably the best way to prevent IP spoofing attacks is to turn off all > ip-based authenication services, ie rsh, rlogin are the main ones. Insufficient. If you can see at least part of the packet stream, you can session-steal. This makes a mockery of things like S/Key. Perry