On Mon, 23 Jan 1995 20:46:20 EST, David Kovar said: > > To fully fix the problem will require all the vendors to come out with > > kernel patches to make the TCP sequence numbering difficult to guess, then > > have all the admins apply those patches to all the machines on Internet, > > and then we will have solved the problem. (While we are at it, have > > admins install patches that stop get-root scripts also). Pretty simple and > > quick to implement. <grin> > > I don't have access to the source for the appropriate modules, but it > seems to me that this is a relatively simple change. What am I missing? What you're missing is that making the change is trivial. Getting it deployed is another story. There are an estimated 2.5 million or so hosts on the Internet, many of them PC's, Macs, and various legacy systems dating back to the Stone Age. Many dont have software maintenance contracts, or are running release of software no longer supported. I dont' have kernel source for AIX 2.2.1 - it's going to be a REAL challenge for me to make the change for my two home systems, which IBM stopped supporting 5 years ago. Valdis Kletnieks Computer Systems Engineer Virginia Tech