I can understand that someone can hijack your session if they are on your workstation, however, I don't see how they can do that from somewhere else. I have encountered several situations in the past where we had a bad Ethernet card on a host which we had to replace with another while maintaining the same IP address on the node. We had to wait in some cases hours before the router can recognize the new card, either that or force the router to dump its ARP table. Bottom line, if an intruder spoofs your address from another host, he will not get anyware pass the router. Of course, as usual, I stand to be corrected. Cheers, mak