I am killing the Strong ES model vs Weak ES model thread unless someone was something substantial to add. It is obvious both models have value and that people disagree on their relative merit. Obviously this is the reason they were both described in the RFC and neither recommended over the other. At the very least the dangers of the weak ES model in some configurations that assume each interface is in a different security domain and don't implement packet filtering should be clear. One would hope that TCP/IP implementations would provide some flag to tune the behavior (like Solaris does) and that flag was documented. On an unrelated topic, I'd like to thank Ben for moderating the list in my absence. I'd forgotten what it was like to have that much free time. -- Elias Levy SecurityFocus.com http://www.securityfocus.com/ Si vis pacem, para bellum