> That said, the attack you cite is harder to carry out than you think. > It's easy to guess the next starting sequence number for a connection; > it's much harder to know what the sequence number status is of an existing > connection unless you're sniffing the wire. You'd also have to know > what the client's port number was; again, without sniffing the wire, that's > hard to come by, unless one of the two sites has an overly-cooperative > SNMP server. also worth pointing out that if you have the source and dest address and port number you can send out a proper icmp unreachable packet (as opposed to the obviously fake ones nuke sends out). Tim N.