Protection against spoofing is provided in a LAN having at least two service classes, where one service class includes allows access to the LAN, the internet, and the intranet containing the LAN and a more limited service class which allows access to the LAN and the internet but not the intranet databases. A user gains access to the LAN using his or her ID which identifies the user's access level. To prevent limited access users from gaining access to the intranet by changing addresses, the system continuously performs periodic checks for address changes. If there is an address change, the port assigned to, or used by the user, is disabled throwing the user off the LAN prior to his or her obtaining the requested data.