The present invention relates to a method and network element for providing secure access to a packet data network, wherein a first source information is derived from a message received from a terminal device (40, 60), and is compared with a second source information derived from a packet data unit used for conveying said message, or derived from a security association set up between the terminal device and the data network. A protection processing for protecting the packet data network from a fraudulent user attack is then initiated based on the comparing result. Thereby, a simple and efficient protection mechanism can be provided without sending any additional information or providing any additional fields in the message.