tcp_chaff

Inconsistent TCP "retransmissions"
  - bearing invalid TCP checksums
  - bearing empty TCP flags
  - as a faked retransmission
  - bearing out-of-window sequence numbers
  - bearing SYN flags in the middle of a connection
  - bearing short TTLs
  - bearing TCP timestamp options with older timestamps for PAWS elimination

Any NIDS *not* vulnerable to this?

    tcp_seg 1
    tcp_chaff paws
    order random
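
From the defender's side, each decoy type listed above leaves a property that a sensor or a capture-review script can check before trusting a segment during reassembly. The sketch below is an added example, not taken from the original slide or the tool it describes; the `Seg` record, `audit_stream`, the reason labels, the TTL slack and the sample segments are all constructed for illustration, and sequence/timestamp wraparound is ignored.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Seg:                       # one parsed TCP segment, one direction of a flow
    seq: int                     # relative sequence number of the first payload byte
    payload: bytes
    flags: str = "A"             # "" models a segment with no control flags set
    cksum_ok: bool = True        # result of verifying the TCP checksum
    ttl: int = 64
    tsval: Optional[int] = None  # TCP timestamp option value, if present

def audit_stream(segs, window=65535, ttl_slack=3):
    """Return (index, [reasons]) for segments a receiver would likely discard."""
    seen = {}                    # stream offset -> byte taken from accepted segments
    rcv_nxt, ts_recent = 0, None
    base_ttl = segs[0].ttl if segs else 0   # heuristic baseline: first segment's TTL
    findings = []
    for i, s in enumerate(segs):
        clash = any(seen.get(s.seq + k, b) != b for k, b in enumerate(s.payload))
        checks = [
            (not s.cksum_ok, "bad-checksum"),
            (s.flags == "", "null-flags"),
            ("S" in s.flags and i > 0, "syn-mid-stream"),
            (s.ttl < base_ttl - ttl_slack, "short-ttl"),
            (s.seq >= rcv_nxt + window, "out-of-window"),
            (None not in (s.tsval, ts_recent) and s.tsval < ts_recent, "paws-old-timestamp"),
            (clash, "inconsistent-retransmission"),
        ]
        why = [label for hit, label in checks if hit]
        if why:
            findings.append((i, why))
            continue             # a suspect segment must not change tracked state
        if s.tsval is not None and s.seq <= rcv_nxt:
            ts_recent = s.tsval  # as in RFC 7323: only in-order data updates TS.Recent
        seen.update((s.seq + k, b) for k, b in enumerate(s.payload))
        while rcv_nxt in seen:
            rcv_nxt += 1
    return findings

# Constructed sample: "GET" split into 1-byte segments with decoys interleaved.
SAMPLE = [
    Seg(0, b"G", tsval=1000),
    Seg(1, b"X", tsval=900),                   # timestamp older than TS.Recent
    Seg(1, b"E", tsval=1001),
    Seg(2, b"Z", cksum_ok=False, tsval=1002),  # checksum fails verification
    Seg(2, b"T", tsval=1002),
    Seg(2, b"Q", flags="", ttl=2, tsval=1003), # no flags, low TTL, conflicting byte
]
```

A sensor that only alerts on these reasons still has to decide which copy the end host kept; that depends on the host's stack and the network path, which is why normalizing traffic in front of the sensor is the more robust control.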