Spoofing Attack against Unix Trust Relationships
1.Attacker interacts with targeted trusting server to determine predictability of initial sequence number
2.Attacker launches a denial-of-service attack (eg. SYN flood or smurf attack) against trusted system to force it not to respond to a spoofed TCP connection
3.Attacker  rsh to targeted trusting server using spoofed IP address of  trusted server
4.Trusting server sends an SYN-ACK packet to the unresponsive trusted server
5.Attacker sends an ACK packet to trusting server with a guess at the sequence number. If ISN is correct, a connection is made.
6.Although attacker cannot initially see reply packets from trusting server, attacker can issue command to append “++” to hosts.equiv or .rhosts file.  Trusting server will now trust all machines. IP spoofing is no longer needed