IPID Attacks
OpenBSD Reality

OK. So our policy did not actually catch this one. But...
There's another attack.

Injecting tcp payload in fragments after the TCP header.
Proposed by Michael Zalewski, 2003 
Pseudo-random IPID makes it hard to perform this attack

paying attention to the earlier "unimportant" attack avoids this