Testing

- Ships with scripts to cover the original fragrouter (SNI) test cases
- Media hype re: Snort evasion, but all other IDSs are vulnerable as well
- Stateful inspection firewalls, "intrusion prevention" and other content-filtering devices are also vulnerable
- Traffic normalizers (norm, OpenBSD pf) are a good intermediate solution