> To fully fix the problem will require all the vendors to come out with > kernel patches to make the TCP sequence numbering difficult to guess, then > have all the admins apply those patches to all the machines on Internet, > and then we will have solved the problem. (While we are at it, have > admins install patches that stop get-root scripts also). Pretty simple and > quick to implement. <grin> I don't have access to the source for the appropriate modules, but it seems to me that this is a relatively simple change. What am I missing? -David