> So Multinet does not control the local port number when
> in active mode.
Correct. AFAIK this is like most TCP applications (e.g. telnet) that initiate outgoing,
active, connections.
> Does that mean it also accepts connections from
> anywhere for passive connections?
Yep.
> Or how do they authenticate? IP address only?
Authenticate?? We don't need no stinking authentication :-)
Seriously, though, AFAIK Multinet tunnels have no authentication at all. If somebody
out there was smart enough to know what we were doing and spoof the DECnet packets, then
they could probably break in. Or at least they could take over the DECnet tunnel -
whether they could log in and access files depends on how secure you've made your
host. Since a lot of the HECnet hosts, especially ones with TCP/IP tunnels, already have
direct Internet-facing ports for telnet, ssh, ftp, etc., the question of DECnet security
seems moot.
You can always configure your router, as I have, to only forward port 700 traffic from
specific Internet hosts. That'll solve the problem unless somebody also cares enough
to go to the trouble of spoofing IPs as well.
Getting off topic - don't I remember that there was a way to set a password on
point-to-point DDCMP circuits? How (or rather, at what level in the protocol stack) was
that implemented?
Bob