Sorry for the cross-post, but assume this is relevant to both lists.
It's regarding the default setting of net.inet.ip.random_id to 0.
This disclosure has caused a bit of a stir on the Tor-relays list
starting with this post:
https://lists.torproject.org/pipermail/tor-relays/2014-March/0
OSE_WAIT
Those conditions are _highly_ unlikely, until you start hedging your
bets.
net.inet.ip.random_id=1 in sysctl.conf(5) is one way to exacerbate the
problem. So are the magic scrubbing bubbles in pf.conf(5): scrub all
random-id. Also, the PIX/ASA code randomizes IDs by default