>>>>> "Rens" == Rens Troost <rens@imsi.com> writes: Rens> This can be done with a routing redirect attack anywhere on Rens> the path between the telnet client and the skey login machine Rens> (firewall), and does not require IP spoofing. What I meant was, does not require that it spoofing that can be detected by router filters. It does require spoofing that the packets are coming from the machine that originated the valid connection; let my fingers get ahead of me. -Rens