@petersuber This whole thing reminds me very much of RFC 3514. Well over two decades after the Evil Bit was first proposed (a one-bit security flag in IP v4 to indicate that a packet is sent with evil intent), we still see apparently malicious packets arriving at firewalls, yet these do *not* have the Evil Bit set. However, as the Evil Bit is not set, we cannot say with certainty whether these apparently malicious packets are, in fact, evil.
