> >If you're hijacking *connections* isn't it much easier to just steal >the filehandles in the kernel? Not if you're on entirely another host. That's the point of RTM-Snr's attack, as expanded upon by Bellovin. Guessing sequence numbers and flooding the remote machine gives you a window of opportunity to slip in a forged packet with the right sequence number, and usurp the connection entirely from that point onwards. - but you know this, of course. 8-) - alec