> TCP Sequence Numbering attacks are based on the ability of knowing a session's
> initial sequence number (ISN); a "random" number incremented every X (time

Not necessarily.... If you can see the traffic go by on the net, you have the
sequence numbers and can go right ahead and hijack the session in progress.
This can be done with a routing redirect attack anywhere on the path between
the telnet client and the skey login machine (firewall), and does not require
IP spoofing. The filtering router techniques that are being discussed will NOT
provide 100% protection against this sort of attack. If you really need to be
absolutely safe from this kind of attack, you must not run skey or any other
unencrypted interactive login at all. Application-level encryption can
substantially decrease the risk of intrusion in this case, reducing the attack
to a denial of service (you lose your connection). Gauge your own risk.

> Effective guessing can lead to compromise of existing sessions; both incoming
> and outgoing from your gateway- or between two internal systems. Although

Again, guessing the ISNs helps a lot, but is not the only way to do this. If
any router or circuit your connection has traversed is compromised, so is your
connection. This does not require spoofing or source-routing; although the
current attackers seem to be using spoofing and source routing, count on them
to start using more pernicious methods soon. As has been pointed out, only
network or transport-level encryption will entirely block these attacks.

-Rens
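The following is an added example, not part of Rens's post or the thread, modelling the sequence-space arithmetic behind the two attacks discussed above: a hijack from observed traffic (one sniffed segment fixes the seq/ack of the next acceptable segment, so no ISN guessing is needed) and ISN prediction against a host whose ISN counter advances by a fixed amount per connection. The segment values, host names and the per-connection increment are constructed for illustration; the window test is the RFC 793 acceptability rule for a non-empty segment.

```python
"""
Added example (not from the original mailing-list post): a minimal model of
TCP sequence-space arithmetic for session hijacking and ISN prediction.
All host names, segment values and the ISN increment are constructed.
"""
from dataclasses import dataclass

MOD = 1 << 32  # sequence numbers are 32-bit and wrap around


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    seq: int
    ack: int
    payload_len: int
    syn: bool = False
    fin: bool = False

    @property
    def seq_len(self) -> int:
        # Each data byte, plus SYN and FIN, consumes one sequence number.
        return self.payload_len + int(self.syn) + int(self.fin)


def next_seq(seg: Segment) -> int:
    """Sequence number the sender of `seg` will use for its next segment."""
    return (seg.seq + seg.seq_len) % MOD


def forge_from_observed(seg: Segment, payload_len: int) -> Segment:
    """
    Impersonate the sender of a sniffed segment. Everything needed is already
    on the wire: seq continues where the observed segment ended and ack
    repeats what that sender last acknowledged. No ISN guessing is involved.
    """
    return Segment(src=seg.src, dst=seg.dst, seq=next_seq(seg),
                   ack=seg.ack, payload_len=payload_len)


def in_window(seg_seq: int, seg_len: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """
    RFC 793 acceptability test for a segment with SEG.LEN > 0:
      RCV.NXT <= SEG.SEQ < RCV.NXT+RCV.WND  or
      RCV.NXT <= SEG.SEQ+SEG.LEN-1 < RCV.NXT+RCV.WND
    evaluated in modulo-2^32 sequence space.
    """
    first = seg_seq % MOD
    last = (seg_seq + seg_len - 1) % MOD
    return ((first - rcv_nxt) % MOD) < rcv_wnd or ((last - rcv_nxt) % MOD) < rcv_wnd


# Constructed: a host whose ISN counter advances by a fixed amount per connection.
ISN_INCR_PER_CONN = 64_000


def predictable_isn(prev_isn: int) -> int:
    """Victim side: the next ISN this (hypothetical) host will hand out."""
    return (prev_isn + ISN_INCR_PER_CONN) % MOD


def guess_isn(probe_isn: int, connections_between: int = 1) -> int:
    """
    Attacker side: open a connection, read the ISN in the SYN-ACK, then predict
    the ISN of the next connection(s) without seeing any of the victim's traffic.
    """
    return (probe_isn + connections_between * ISN_INCR_PER_CONN) % MOD


def demo() -> tuple[bool, bool]:
    """
    Returns (forged_accepted, blind_accepted): a segment built from one sniffed
    segment lands in the receiver's window, while a blind guess (no traffic
    observed, no predictable ISN) does not.
    """
    # Constructed: one telnet segment seen on a router between client and skey host.
    sniffed = Segment(src="client", dst="skey-host", seq=0x1000_0000,
                      ack=0x2000_0000, payload_len=5)
    server_rcv_nxt = next_seq(sniffed)  # server has consumed those 5 bytes
    server_rcv_wnd = 4096

    forged = forge_from_observed(sniffed, payload_len=10)
    forged_accepted = in_window(forged.seq, forged.seq_len, server_rcv_nxt, server_rcv_wnd)

    blind = Segment(src="client", dst="skey-host", seq=0x5555_5555,
                    ack=sniffed.ack, payload_len=10)
    blind_accepted = in_window(blind.seq, blind.seq_len, server_rcv_nxt, server_rcv_wnd)
    return forged_accepted, blind_accepted


if __name__ == "__main__":
    print("forged/blind accepted:", demo())
    probe = 0x0001_0000
    print("victim next ISN:", hex(predictable_isn(probe)),
          "attacker guess:", hex(guess_isn(probe)))
```

Once the forged segment is accepted, the genuine client's next segment carries a sequence number the server has already consumed, so the two ends are desynchronised and the legitimate session stalls; that is the "you lose your connection" outcome Rens describes even when the injected data itself is meaningless to an encrypted application layer.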