Generate a pseudo-random key stream & xor to the plaintext.
Key: The seed of the PRNG
Traditional PRNGs (e.g. those used for simulations) are not secure. E.g., the linear congruential generator: X i = a X i-1 + b mod m for some fixed a, b, m. It passes the randomness tests, but it is predictible.
Since RC4 is a stream cipher, an attacker can modify the plaintext bits over the ciphertext and fix the CRC checksum accordingly.
Parts of the plaintext is predictable (e.g., the upper-layer protocol headers).
Attacker sniffs a packet and changes its IP address to his machine from the ciphertext. (If the attacker’s machine is outside the firewall, the TCP port number could also be changed, to 80 for example, which most firewalls would not block.)
Hence, the attacker obtains the decrypted text without breaking the encryption.