> > > Christopher Klaus says: > > Probably the best way to prevent IP spoofing attacks is to turn off all > > ip-based authenication services, ie rsh, rlogin are the main ones. > > Insufficient. If you can see at least part of the packet stream, you > can session-steal. This makes a mockery of things like S/Key. If you have an attacker that is listening to your packet stream, you have more serious problem than just IP spoofing attacks. But to stop people from doing ip spoofing on remote networks that they cant sniff, disabling ip-based authenication services. If you have intruders sniffing your network, you will need to do a lot more than just disable certian services. The only long-term solution that would adequately fix many of these problems is cryptography being implemented in authenication and encrypting all network traffic. With NSA probably having a better understanding of cryptography, maybe they can provide assistance. (grin) -- Christopher William Klaus Voice: (404)518-0099. Fax: (404)518-0030 Internet Security Systems, Inc. Computer Security Consulting 2209 Summit Place Drive, Atlanta, GA. 30350-2450.