> It's possible that a intruder could take active part of a TCP > connection after this was established?
Yes, but there are limitations. A good, random ISN is very important. Do a google search on TCP session hijacking and you'll probably find more than you'll ever want to know about it. Steve Bremer NEBCO, Inc
