bart!!!! Haven't you heard of a man in the middle attack? You cannot guarantee that a client is who you think it is simply by the IP address. You need some form of encrypted key-passing and hashing both at time of initial connection with the foreign party AND for each subsequent packet to ensure security.