> >If you're hijacking *connections* isn't it much easier to just steal
> >the filehandles in the kernel?
>
> Not if you're on entirely another host.
>
> That's the point of RTM-Snr's attack, as expanded upon by
> Bellovin. Guessing sequence numbers and flooding the remote machine
>
> - alec

Alec-

I think you may be confusing two techniques here - both of which have just become more 'popular.'

I believe the hijacking technique is to use TAP, a modloadable SunOS driver to read and possibly write to an established pty.

The TCP sequence number is what RTM and SMB wrote about. This is different - you don't need root anywhere to do that.

Quentin