Does an attacker need to guess or brute-force a password for TCP spoofing?


From my understanding, TCP spoofing can be carried out if the attacker can correctly guess the sequence numbers from the response packets (to mimic the real client). The attacker may even obtain this sequence of numbers via sniffing. Furthermore, a trusted connection must already exist between the target client and the server in order for the attacker to intercept/spoof

However, I was a bit unclear as to whether the attacker would need to gain initial access to the system or network (by guessing or brute-forcing their password). In order to send the sequence numbers from response packets to the server, does the attacker need to have access to it? I am not sure whether this attacker can just send the SYN packets to the server without any access to the system/network. My concept of these things is a bit blurry right now and I would greatly appreciate some advice.

Thank you!