>If you've found such an easy way to see that telnetd refuses connections >that didn't arrive over IPSec and/or Kerberos, I'm sure everyone would >like to know about it. Can't speak for IPSec, but I've been using the "-a" option in telnetd for years to refuse non-Kerberized connections. --Ken