The TCP/IP sequence number guessing attack
Some references:
Steve Bellovin's brief description
Robert T. Morris's original paper warning about the attack
Steve Bellovin's follow-up paper generalizing the problem
A relevant CERT advisory
Tsutomu Shimomura's post showing logs of an actual attack
A WWW page with links to newspaper stories and much, much more
My implementation of a deterrent against initial sequence number guessing