hi, Wont the following cause a firewall breach- First we capture inbound packets to a firewall assuming we have a man in the middle(M). If (M) use block replay on packets he can inject bits and pieces of his own information to an inbound firewall and can go undetected? M doesn't alter the source and destination ip's and is perfectly acceptable to the firewall.Even a timestamp won't work since a packet is expected at any time. We can still re-calculate the CRC of Checksum field by the same attack and replace the old crc/checksum after changing various required bit positions. Do firewall programs use initialisation vectors and a chaning mode to prevent this attack? Regards Sarath. __________________________________ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com