> I've read the procedure for guessing sequence numbers and the like, > and it seems simple enough, except on any system with a heavy load. > For instance, take a machine that gets 20 new connections/second on > average (fairly likely on a machine thats run as a WWW server for > instance). Given that most systems increment the sequence counter by > some amount per new connection, and you can't predict how many new > connections will occur in a given time interval it seems that this > hole just got a lot harder to exploit. A little harder. If there is, say, an average of 1/10 second between your initial probe and your attack packet, then all the attacker needs to do is add in the per-connection value once or twice. True, depends on luck...but it doesn't make it hard enough that the program won't succeed after a half-dozen tries. der Mouse mouse@collatz.mcrcim.mcgill.edu