Date: Mon, 29 Jan 1996 12:48:00 -0500 From: Paul Ferguson <pferguso@cisco.com> Message-ID: <199601291747.JAA15611@lint.cisco.com> You clearly didn't read the message I sent that you replied to... Well, not exactly. I was thinking along the lines of something a little larger than 'home' access. :-) The issue I mentioned was my brother, with a static IP address from Demon for his one system at home, which connects via dial up, connecting to my one system at home, which is also dial up (right now), though basically a permanent connection. My point was that filtering on source addresses is not exactly the most secure method of access control. Again, you didn't read my message - I know that source address filtering is even less secure than other filtering. However the source address in one packet is the destination address in another - and I can filter on that destination address... I also know that there are attacks that can be made without requiring return packets at all - those I have to deal with in other ways (smart card password schemes most certainly aren't it) regardless of what kind of address (statically assigned, or dynamically assigned) my brother gets. kre