I've been following the discussion on IP spoofing, and ways to prevent it. While all that is well and good, I would like an objective measure of risk.

I've read the procedure for guessing sequence numbers and the like, and it seems simple enough, except on any system with a heavy load. For instance, take a machine that gets 20 new connections/second on average (fairly likely on a machine that's run as a WWW server for instance). Given that most systems increment the sequence counter by some amount per new connection, and you can't predict how many new connections will occur in a given time interval, it seems that this hole just got a lot harder to exploit.

I'm not advocating relying on the system load for security, just trying to get an idea of how quickly someone might be able to get in. I'd like to avoid writing a program to exploit this and testing it several hundred times here to get a figure.

--
Leo Bicknell - bicknell@vt.edu               | Make a little birdhouse
bicknell@csugrad.cs.vt.edu                   | in your soul......
bicknell@ussenterprise.async.vt.edu          | They Might
http://ussenterprise.async.vt.edu/~bicknell/ | Be Giants
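
The load question above can be put as a probability model. This is an added example, not part of the original post and not measured data. It assumes a fixed, known counter step per new connection, a predictable time-driven component, and Poisson connection arrivals; the function names are hypothetical.

```python
import math

def poisson_pmf(k, mean):
    """P(K = k) for K ~ Poisson(mean), computed in log space for stability."""
    if mean == 0:
        return 1.0 if k == 0 else 0.0
    return math.exp(k * math.log(mean) - mean - math.lgamma(k + 1))

def guess_success_probability(conn_rate, gap_seconds, guesses=1):
    """Worst-case chance that one of `guesses` predicted numbers is correct.

    Assumptions (not from the post): the counter advances by a fixed, known
    step per new connection, any time-driven part is predictable, and new
    connections arrive as a Poisson process at `conn_rate` per second.
    The only unknown is K, the number of connections opened during
    `gap_seconds` between the counter being observed and the guess being
    used. The worst case for the defender is that the `guesses` most
    likely values of K are all covered.
    """
    mean = conn_rate * gap_seconds
    # Poisson is unimodal: start at the mode and grow toward the larger side.
    lo = hi = int(math.floor(mean))
    total = poisson_pmf(lo, mean)
    for _ in range(guesses - 1):
        left = poisson_pmf(lo - 1, mean) if lo > 0 else 0.0
        right = poisson_pmf(hi + 1, mean)
        if left >= right:
            lo -= 1
            total += left
        else:
            hi += 1
            total += right
    return min(total, 1.0)

if __name__ == "__main__":
    # Constructed scenario: the post's 20 connections/second, varying gap.
    for gap in (0.05, 0.1, 0.5, 1.0):
        for n in (1, 5, 20):
            p = guess_success_probability(20, gap, n)
            print(f"gap={gap:>4}s guesses={n:>2} -> P(correct) = {p:.3f}")
```

Under these assumptions the protection from load depends on the product of connection rate and gap, and it shrinks quickly as the number of guesses grows.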