> > Well, RST is more definitive than FIN, somehow...
>
> That said, the attack you cite is harder to carry out than you think.
> It's easy to guess the next starting sequence number for a connection;
> it's much harder to know what the sequence number status is of an existing
> connection unless you're sniffing the wire. You'd also have to know
> what the client's port number was; again, without sniffing the wire, that's
> hard to come by, unless one of the two sites has an overly-cooperative
> SNMP server.
>

I'm sure I'm confused, but... It seems logical that RST sequence numbers
should be ignored. RSTs are usually sent to abort a hosed connection, one in
which it is likely the sequence numbers are already out of whack. ???

dorian
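
Added example, not part of either poster's message: a receiver-side sketch of how a TCP endpoint in a synchronized state validates the sequence number of an incoming RST, first under RFC 793's in-window rule and then under RFC 5961's stricter exact-match rule. The function names and sample values are constructed for illustration and are not taken from any particular stack.

```c
#include <stdint.h>
#include <stdio.h>

/* What the receiver does with an incoming RST on an established connection. */
enum rst_action { RST_DISCARD, RST_CHALLENGE_ACK, RST_ACCEPT };

/* True if seq is acceptable against the receive window, modulo 2^32.
 * With a zero window only seq == rcv_nxt is acceptable (RFC 793). */
static int seq_in_window(uint32_t seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    if (rcv_wnd == 0)
        return seq == rcv_nxt;
    /* Unsigned subtraction handles wrap past 0xFFFFFFFF. */
    return (uint32_t)(seq - rcv_nxt) < rcv_wnd;
}

/* RFC 793: a reset is valid if its sequence number is in the window. */
enum rst_action rst_check_rfc793(uint32_t seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    return seq_in_window(seq, rcv_nxt, rcv_wnd) ? RST_ACCEPT : RST_DISCARD;
}

/* RFC 5961: only an exact match on RCV.NXT resets the connection; an
 * in-window RST that is not exact draws a challenge ACK instead. */
enum rst_action rst_check_rfc5961(uint32_t seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    if (!seq_in_window(seq, rcv_nxt, rcv_wnd))
        return RST_DISCARD;
    return seq == rcv_nxt ? RST_ACCEPT : RST_CHALLENGE_ACK;
}

int main(void)
{
    static const char *name[] = { "discard", "challenge-ack", "accept" };
    /* Constructed state: the receive window straddles the 32-bit wrap. */
    uint32_t rcv_nxt = 0xFFFFFF00u, rcv_wnd = 0x2000u;
    uint32_t seqs[] = { 0xFFFFFF00u, 0x00000010u, 0x00001F00u, 0x12345678u };

    for (size_t i = 0; i < sizeof seqs / sizeof seqs[0]; i++)
        printf("RST seq=0x%08X  rfc793=%-13s rfc5961=%s\n", (unsigned)seqs[i],
               name[rst_check_rfc793(seqs[i], rcv_nxt, rcv_wnd)],
               name[rst_check_rfc5961(seqs[i], rcv_nxt, rcv_wnd)]);
    return 0;
}
```

A receiver that skipped this check would tear down the connection on any RST carrying the right address and port pair, which is why the quoted poster treats the sequence number as one of the two things an off-path sender must know.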