The following problem (as discussed in this paper) has not yet been identified. Certain firewalls today, will not authenticate the validity of certain protocol fields within the packet they are processing. The risk is exposure of information, mainly unique patterns of behavior produced by the probed machines answering our crafted queries. Those patterns will help a malicious computer attacker to identify the operating systems in use. Postscript version available here.
You can download it from the following link: https://packetstormsecurity.com/files/download/23332/Unverified_Fields_1.0.pdf
Source: https://packetstormsecurity.com/files/23332/Unverified_Fields_1.0.pdf.html