Striek,

Thank you much for that information!

Could TheHorse or somebody else confirm to me if that is actually an option, "Enable DARP"?

I know our Network Manager is tired of Cisco, and he is now replacing most switches with HP swicthes. Since I don't mess with that kinda stuff, I have no idea if they are comparable or not, but I will ask him if he knows about DARP.
I have already told him about all your advices, but locking every single port down is probably not gonna happen. He's the one and only guy taking care of the network, with a couple of thousands computers, using a DHCP network, and computers and rooms changing all the time, it would be way too much for him to be able to handle...

BUT, if this DARP is an option, that might in fact fix it for us!!?!

Thanks again!

ps. Ammo, have to add I just tried what you said about SSL, and yeah, that is some real scary stuff. Since we don't use public certificates, and we always have to hit YES to accept it, you can capture all the SSL sessions as well, getting all the passwords in clear text and no one would have a clue... maaaan! We are now considering getting Verisign certificates, but man are they expensive!!