Russ,

Your timing is beautiful. :-) See the current discussion on comp.security.* of the TCP sequence-number attack that occurred recently at SDSC. There's a CERT advisory out on it now that references some papers by Bellovin and Morris that go into the gory details. They should explain why you need cookies and a non-TCP protocol.

Phil