Abstract:

"Firewalls, packet filters, intrusion detection systems, and the like often have difficulty distinguishing between packets that have malicious intent and those that are merely unusual. We define a security flag in the IPv4 header as a means of distinguishing the two cases."

My favourite bit:

"Multi-level insecure operating systems may have special levels for attack programs; the evil bit MUST be set by default on packets emanating from programs running at such levels.  However, the system MAY provide an API to allow it to be cleared for non-malicious activity by users who normally engage in attack behavior." [IETF]

7:15:10 PM