>On Thu, Dec 11, 2003 at 12:28:28AM +0100, Michal Zalewski wrote: > >> 2. Random IP ID numbers, a feature of some systems (OpenBSD?), although also >> risky (increasing reassembly collission probability), make the attack >> more difficult. > >FreeBSD also has the option of randomizing the IP ID. Solaris uses a different IP ID sequence for each system it communicates with; you'll need to be able to see the packets go by (in which case TCP splicing is child's play). Casper
