> I've only got one novel idea: instead of using tcp_iss directly
> for the SYN every time a new TCP/IP connection is opened, send
> MD5(tcp_iss) [or maybe MD5(tcp_iss, time(NULL), ...)].

This sounds awfully expensive. One MD5 operation for each new passive or active connection.

> MD5 to predict sequence numbers. MD5 is quite fast (is it fast
> enough?) and is completely exportable. Code for MD5 is available

This is a good question. How many connections do you expect per second (both incoming and outgoing)? How much of a load will this place on the rest of the machine?
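
Added example, not part of the original message: the proposal above in Python, comparing the raw tcp_iss counter with MD5(tcp_iss) and timing one MD5 per connection. The 64000 increment, the helper names and the per-boot secret are assumptions; the keyed variant goes beyond what the thread proposes and shows that an unkeyed hash of a guessable counter can be recomputed by anyone who infers the counter.

```python
import hashlib
import os
import struct
import time

ISS_INCREMENT = 64000  # assumed per-connection step of the global tcp_iss counter


def isn_plain(tcp_iss):
    """Baseline: the counter itself goes into the SYN."""
    return tcp_iss & 0xFFFFFFFF


def isn_md5(tcp_iss, extra=b""):
    """Proposal from the thread: send MD5(tcp_iss [, ...]) folded to 32 bits."""
    digest = hashlib.md5(struct.pack("!I", tcp_iss & 0xFFFFFFFF) + extra).digest()
    return struct.unpack("!I", digest[:4])[0]


def deltas(isn_func, start, count):
    """Differences between consecutive ISNs as successive connections open."""
    isns = [isn_func(start + i * ISS_INCREMENT) for i in range(count)]
    return [(b - a) & 0xFFFFFFFF for a, b in zip(isns, isns[1:])]


def observer_can_predict(isn_func, observed_iss, guess_func):
    """True if an observer who knows the counter value reproduces the next ISN."""
    nxt = observed_iss + ISS_INCREMENT
    return guess_func(nxt) == isn_func(nxt)


def md5_per_second(iterations=200_000):
    """Rough cost of one MD5 per connection on this machine."""
    start = time.perf_counter()
    for i in range(iterations):
        isn_md5(i)
    return iterations / (time.perf_counter() - start)


if __name__ == "__main__":
    secret = os.urandom(16)  # hypothetical per-boot secret, not in the thread
    keyed = lambda iss: isn_md5(iss, secret)
    print("plain deltas:", deltas(isn_plain, 1000, 5))
    print("md5 deltas  :", deltas(isn_md5, 1000, 5))
    print("unkeyed predictable:", observer_can_predict(isn_md5, 1000, isn_md5))
    print("keyed predictable  :", observer_can_predict(keyed, 1000, isn_md5))
    print("MD5 ISNs per second: %.0f" % md5_per_second())
```

The last figure answers the "is it fast enough?" question for the machine it runs on: compare it with the expected rate of new connections per second.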