This cannot be easily used, i.e. not by script kiddies, since you need to sniff the answer packets (at least in scans; in an exploit not necessarily, if you guess the seqs). Those answer packets get routed to the faked IP and so you'd need control over a router in between...
No. You simply need a single box anywhere near the path that either directly sees the packets, or can ARP poison/etc. to see them. Or an end host that will accept them (like someone's hacked home machine on ADSL).
Well, then you either have to guess the seq no, which in the case of Linux is not trivial, or sniff the answer packets. Usually you have to do something to prevent B from sending RST. So it's not that easy...
I control B. End of story there =).
Well, in the same subnet it's not a problem. Maybe you can fake a switch with ARP fakes, but it's harder to spoof a router. In contrast to UDP (which is happily used by Windows :-) SCNR) it's not trivial to spoof it.
You need to go take a look at dsniff, very user friendly.
Well, it's a networking protocol :)
And that is the wrong attitude (why we are in this mess right now =).
Steffen
-Kurt