Recall from the previous chapter that initial sequence numbers are a mechanism used within TCP to ensure session integrity, and—de facto—to guarantee its most basic security resilience.

The only truly universal way to protect a plain-text TCP/IP session against data injection, hijacking, or fakery by a complete stranger is to ensure that the initial sequence numbers are selected in a manner that is unpredictable to the attacker. This reduces their chances of making a correct blind guess (and spoofing a packet that will be accepted as a legitimate part of someone else’s session) to a point where this risk is of little concern in the real world, even if the attacker takes the system by storm, sending thousands ...