1. When trying to spoof a TCP connection, the intruder is faced with the difficulty that he will never see the response to a SYN packet.. This is a problem because the victim sends back information to the spoofed address that is needed to carry on the conversation, namely the sequence number being used by the victim. Luckily (for hackers), most systems choose sequence numbers in a predictable way. History: Kevin Mitnick was caught doing TCP sequence number prediction against Tsutmu Shimomura. The reason Shimomura was able to catch Mitnick is because in order to predict the next sequence number, you must first grab the previous number using a non-spoofed connection. History: One of the first to point out this security problem was Robert T. Morris in a 1985 paper entitled A Weakness in the 4.2BSD Unix TCP/IP Software. From Hacking-Lexicon