Well then, Mike, I disagree with your thought process. You can send ICMP unreachables all day long today! It only strengthens the protocol to send the correct error messages and to respond to the protocol conditions correctly.

Also, you have not responded to a valid technical question, but are hand-waving... I'll ask again. How do you propose a hack can do these three things at the same time?

(1) Know the state of a TCP connection (SYN_RCVD);
(2) Know the sequence number of the response;
(3) Know a random code in the identifier field;
(4) Know both the source and destination address of the connection;
(5) Know the exact time window of the SYN-ACK/SYN-SYN handshake.

If you, Mike, can break this, and explain how to do it, then we can add (6) MD5 authentication to ICMP.

BTW, after you explain in detail how to spoof (1)-(5), then I would like to ask you a favor.... I would appreciate it if you would not give credit for ICMP UNREACHABLE to me. ICMP UNREACHABLE errors are specified in RFC 793. Please 'redirect' this credit elsewhere. It is not my original idea. All I am asking is for the protocol to work as designed so I can have one more piece of info to use in an algorithm.

I await your technical reply on how to defeat the conditions 1-5 above, and if you can, then add 6 and explain how to defeat that as well.

Somewhat Patiently (but anxiously awaiting technical answers),

Tim
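The receiver-side counterpart of conditions (1)-(5), as an added example that is not part of Tim's message: a check that accepts an ICMP unreachable only if the datagram it quotes matches a half-open connection on every point. It assumes the "identifier field" is the IP identification value placed on the SYN-ACK and echoed back in the quoted IP header; `PendingConn`, its field names and the 3-second window are hypothetical.

```python
import socket
import struct
from dataclasses import dataclass

@dataclass
class PendingConn:            # hypothetical record for one half-open connection
    state: str                # (1) TCP state, e.g. "SYN_RCVD"
    local: tuple              # (4) (ip, port) that sent the SYN-ACK
    remote: tuple             # (4) (ip, port) the SYN-ACK was sent to
    iss: int                  # (2) sequence number carried by our SYN-ACK
    ip_id: int                # (3) random IP identification set on the SYN-ACK
    sent_at: float            # (5) time the SYN-ACK left
    window: float = 3.0       # constructed value, in seconds

def parse_quoted(quoted: bytes):
    """Parse the IP header plus first 8 TCP bytes quoted inside an ICMP error."""
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        return None
    ihl = (quoted[0] & 0x0F) * 4
    if ihl < 20 or len(quoted) < ihl + 8:      # truncated or malformed quote
        return None
    ip_id = struct.unpack("!H", quoted[4:6])[0]
    src = socket.inet_ntoa(quoted[12:16])
    dst = socket.inet_ntoa(quoted[16:20])
    sport, dport, seq = struct.unpack("!HHI", quoted[ihl:ihl + 8])
    return quoted[9], ip_id, (src, sport), (dst, dport), seq

def accept_unreachable(conn: PendingConn, quoted: bytes, now: float) -> bool:
    """True only when every one of conditions (1)-(5) matches the connection."""
    parsed = parse_quoted(quoted)
    if parsed is None:
        return False
    proto, ip_id, src, dst, seq = parsed
    return (proto == socket.IPPROTO_TCP
            and conn.state == "SYN_RCVD"                    # (1)
            and seq == conn.iss                             # (2)
            and ip_id == conn.ip_id                         # (3)
            and src == conn.local and dst == conn.remote    # (4)
            and 0 <= now - conn.sent_at <= conn.window)     # (5)

def build_quoted(conn: PendingConn, ip_id=None, seq=None) -> bytes:
    """Constructed sample: the bytes a router would quote from our SYN-ACK."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40,
                     conn.ip_id if ip_id is None else ip_id, 0, 64,
                     socket.IPPROTO_TCP, 0,
                     socket.inet_aton(conn.local[0]),
                     socket.inet_aton(conn.remote[0]))
    tcp = struct.pack("!HHI", conn.local[1], conn.remote[1],
                      conn.iss if seq is None else seq)
    return ip + tcp
```
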