> another method. use the arp cache to check source ip addresses > against physical layer addresses, local net packets coming from the Net > router, rather then direct from the local machine should be dropped. > this is also sufficient to protect against the spoofing attack from the Net. How hard would it be to modify tcpwraper (for example) to check the incomming MAC address on a connection and to be worried if it came from a list of routers but the address was the local net? -- Jon