TCP sequence prediction attack

[1] The attacker hopes to correctly guess the sequence number to be used by the sending host.

By monitoring the traffic before an attack is mounted, the malicious host can figure out the correct sequence number.

[2] If an attacker can cause delivery of counterfeit packets of this sort, they may be able to cause various sorts of mischief, including injecting data of the attacker's choosing into an existing TCP connection and prematurely closing an existing TCP connection by injecting counterfeit packets with the RST bit set (a TCP reset attack).

Theoretically, other information such as timing differences or information from lower protocol layers could allow the receiving host to distinguish between authentic TCP packets from the sending host and counterfeit TCP packets with the correct sequence number sent by the attacker.

Another solution to this type of attack is to configure any router or firewall to drop packets that arrive from an external source but carry an internal IP address as their source.
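The filtering rule described above, modelled as an added example (not part of the original article): a packet is dropped when it arrives on the external interface with a source address inside the internal prefixes. The prefix list, the interface names `external`/`internal` and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

# Assumed internal prefixes, constructed for this example; substitute your own.
INTERNAL_PREFIXES = [ipaddress.ip_network(p)
                     for p in ("10.0.0.0/8", "192.168.0.0/16", "fd00:1234::/32")]

def is_internal(ip):
    """True if ip falls inside any prefix used on the internal network."""
    return any(ip.version == net.version and ip in net
               for net in INTERNAL_PREFIXES)

def ingress_verdict(iface, src):
    """Decide what to do with a packet given its arrival interface and source."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "unparseable source address")
    # An IPv4-mapped IPv6 source (::ffff:a.b.c.d) is judged by its embedded
    # IPv4 address so it cannot slip past the IPv4 prefixes.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if iface == "external" and is_internal(ip):
        return ("drop", "internal source address on external interface")
    return ("accept", "source consistent with arrival interface")

# Constructed sample packets (not captured traffic).
SAMPLE_PACKETS = [
    {"iface": "external", "src": "203.0.113.7", "flags": "SYN"},
    {"iface": "external", "src": "10.0.0.5", "flags": "RST"},
    {"iface": "external", "src": "::ffff:192.168.1.9", "flags": "PSH,ACK"},
    {"iface": "external", "src": "fd00:1234::1", "flags": "RST"},
    {"iface": "internal", "src": "10.0.0.5", "flags": "ACK"},
    {"iface": "external", "src": "not-an-ip", "flags": "ACK"},
]

def filter_packets(packets):
    """Return (src, flags, action, reason) for every packet, in order."""
    return [(p["src"], p["flags"], *ingress_verdict(p["iface"], p["src"]))
            for p in packets]

if __name__ == "__main__":
    for src, flags, action, reason in filter_packets(SAMPLE_PACKETS):
        print(f"{action:6} {src:22} {flags:8} {reason}")
```

The same internal address is accepted on the internal interface and dropped on the external one, which is the whole of the rule: the decision depends on where the packet entered, not on the address alone.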