>Have an internal net with a mixture of Appletalk only and TCP/IP only
>machines, with an Acend P50 router to the Internet which is set to IP
Well this will prevent a direct attack however if an internal system can
be compromised using TCP, it could be used to access the Appletalk on the
same twisted pair. One simple example would be the case of a PC accessable
via telnetd and having FTP capability - connect to the PC, upload Farallon's
Timbuctu for the PC & execute - instant Appletalk connectivity.
A "sniffer" attack is even easier. Pick almost any machine and such a two-
stage attack will work. If A has access to B and B has access to C then
A has access to C.
This is why it is dangerous to say "this cannot cross the 'wall so it is
safe" if something else can.