On Tue, 4 Jun 2002, Sean Donelan wrote: :Some ISPs are practically religious about using them, usually the result :of a single person at the ISP pushing it. But for the most part it hasn't :really taken hold in the professional security consulting field. I would suggest that it is also ISP's who do not hire security consultants. Consulting fees tend to come from departmental budgets, and almost every network engineer I have ever met fancies themselves a security expert. There isn't alot of incentive for them to get a third party opinion, because of a lack of faith in the clue of most consultants, and a general aversion to having anyone touch the delicate house of cards many network engineers have constructed. Maybe Cisco could add this as a default requirement of the configuration that had to be explicitly disabled? In fact, it would be nice if all protocol configurations had to have their authentication manually disabled. -- batz