> > > Christopher Klaus says: > > Probably the best way to prevent IP spoofing attacks is to turn off all > > ip-based authenication services, ie rsh, rlogin are the main ones. > > Insufficient. If you can see at least part of the packet stream, you > can session-steal. This makes a mockery of things like S/Key. > > Perry Umm, to session steal (rather than hijack a connection as it is formed), I believe you need to `guess' ACK numbers for both directions of the TCP connection...ie if you can already see the packets whizzing by, then you are in a good position to steal a session... darren