Christopher Klaus says: > To fully fix the problem will require all the vendors to come out with > kernel patches to make the TCP sequence numbering difficult to > guess, Even that is insufficient, actually. If you see a packet going by, you can still try to jam the works up and steal the connection anyway. The only permanent solution is a cryptographic security protocol for the net -- one is actually in the works now in the IETF. Perry