As such, there seems to be a reason for some concern, even with random IP IDs, since it only takes one RFC-ignorant party for the attack against a session to succeed.
Is it possible the RSTs you're seeing are from firewalls which send an
RST due to rules in the firewall? It could be that those 12 hosts
wouldn't actually accept a connection where the SYN packet has a zero
TCP checksum.
Many switches will not forward incorrect checksums. NAT devices recalculate checksums. Your mileage may vary.
Jeff
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
