|>and_ be spoofing as a machine on your network,
|>or _directly_ on whatever subnet you've added to your
>securenets file.
|run nmap (even just as a user) on the subnet, find unused IP and
|you are good to go (who has the time/effort to spend inputting
|individual IPs into the securenets file?)

CHECK run arpwatch -- e-mail shows new network card with new IP address.
Not watertight, but it helps :)