Something else worth checking -- in the late '80s, DEC was selling a bump-in-the-cord Ethernet encryptor --- called the DESNC, if I recall correctly. It was completely transparent to the hosts involved, and did its encryption based on the addresses in the Ethernet header.