I had thought that the original thesis was that for older TCP
implementations, an attacker could make a reasonable guess about the
starting sequence number of a new TCP session, given the sequence numbers
for a previous one (i.e. one he could observe). Then he would attempt to
hijack a subsequ

As regards how this might be leveraged as an exploit:
tricky, but you might be able to use it to inject data or hijack a session,
but more inefficiently than using the TCP SEQ/ACK-exploits.
Predict the next IP-ID to be sent, send a packet with that ID, (and spoofed
source) TCP/UDP headers, etc.,

collisions are not particularly useful in a "fully-switched" (sub-) network.
For that you really would need to sample the LAN port octet counters on the
switch/router and compare them against maximum expected (or SLA) bandwidth.
And even that would usually be far above what your servers could t