HP3000-L Archives

May 1998, Week 2

HP3000-L@RAVEN.UTC.EDU

From: Gavin Scott <[log in to unmask]>
Reply To: Gavin Scott <[log in to unmask]>
Date: Wed, 13 May 1998 10:55:26 -0700

Ken after Mike:
> > No one has mentioned this, but the way I understand it is that
> > specifying the @ will let any node on the network attempt to
> > connect to the HP3000. This can be VERY significant in terms
> > of security.
>
> Yup.....  That's why we took the "@" sign out again shortly after
> putting it in.  By using the right level of subnet masking we were
> able to specify the valid IP ranges for all our users without going
> to pages and pages of individual entries.  It's a nice security
> "feature":  If the user's IP address is not in the configured range,
> all they get in response from the 3000 is.....:  silence.

The "@" sign in the router config in NMMGR and all the fancy subnet
masking there do not have any effect on who can send packets *to*
the 3000.  It only controls whether the 3000 knows where to direct
*replies* to these packets.  Removing the "@" sign (i.e. not having
a default gateway) will do nothing to protect the system from UDP
datagrams, broadcast messages of various types, pings o' death, short
shameful connections, etc.

G.
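
Added example, not part of the original message: a toy Python model of the distinction drawn above, where the route table (with or without a default gateway) is consulted only when choosing where a reply goes, never when an arriving packet is processed. The `Host` class, the addresses and the gateway names are constructed for illustration and do not reflect NMMGR's configuration format.

```python
import ipaddress

class Host:
    """Toy model of a host whose route table decides only where replies go."""

    def __init__(self, routes, default_gateway=None):
        # routes: list of (CIDR network, gateway name); all values are constructed
        self.routes = [(ipaddress.ip_network(n), gw) for n, gw in routes]
        self.default_gateway = default_gateway  # stands in for the "@" entry
        self.received = []

    def next_hop(self, dst):
        """Longest-prefix match; fall back to the default gateway, else None."""
        addr = ipaddress.ip_address(dst)
        matches = [(n.prefixlen, gw) for n, gw in self.routes if addr in n]
        if matches:
            return max(matches)[1]
        return self.default_gateway

    def deliver(self, src, payload):
        """An arriving packet is processed without consulting the route table."""
        self.received.append((src, payload))
        hop = self.next_hop(src)  # only the reply path depends on routing
        return {"processed": True, "reply_sent": hop is not None, "via": hop}

# Constructed sample routes: two configured ranges, as in the quoted setup.
ROUTES = [("10.1.0.0/16", "gw-a"), ("10.2.4.0/22", "gw-b")]
with_default = Host(ROUTES, default_gateway="gw-default")
without_default = Host(ROUTES)

def compare(src):
    """Deliver the same one-way datagram to both hosts and return both outcomes."""
    return (with_default.deliver(src, b"datagram"),
            without_default.deliver(src, b"datagram"))

if __name__ == "__main__":
    # The last source is outside every configured range.
    for src in ("10.1.7.9", "10.2.5.1", "192.0.2.50"):
        print(src, compare(src))
```

For the out-of-range source, both hosts still process the datagram; the only difference is that the host without a default gateway has nowhere to send a reply, which a one-way packet never needed.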
