TCP Reset Spoofing OpenBSD Reality Random Source Ports since 1996 attack at T1 speeds now takes 7.5 days (instead of 13 seconds) We do other things too: Require RST packets to be right on the edge of the window since 1999 attack at T1 speeds now infeasible And of course, OpenBSD supports TCP MD5 auth and IPSec BGPD will not allow window scaling unless one of these is in use