The 16-bit IPID field carries a copy of the current value of a counter in a host’s IP stack. Many commercial operating systems (including various versions of Windows and Linux versions 2.2 and earlier) implement this counter as a global counter. That is, the host maintains a single IPID counter that is incremented (modulo 2^16) whenever a new IP packet is generated and sent. Other operating systems implement the IPID counter as a per-flow counter (as is done in the current version of Linux), as a random number, or as a constant, e.g., with a value of 0 ([1]).

From: ftp://gaia.cs.umass.edu/pub/Chen04_IPID.pdf

From: Fun with IP Identification Field Values

RFC 791 gives a description about the IP Identification field.

The identification field value is used to uniquely identify the fragments of
a particular datagram. Fragments of a particular datagram are assembled if
they have the same source, destination, protocol, and Identifier. The
identifier is being chosen to be unique for “this source, destination
pair and protocol for the time the datagram (or any fragment of it) could be
alive in the internet”[1].

DNS-Based Service Discovery

This document specifies how DNS resource records are named and structured to facilitate service discovery. Given a type of service that a client is looking for, and a domain in which the client is looking for that service, this allows clients to discover a list of named instances of that desired service, using standard DNS queries. This is referred to as DNS-based Service Discovery, or DNS-SD.

via http://files.dns-sd.org/draft-cheshire-dnsext-dns-sd.txt

TCP may keep its offered receive window closed indefinitely (RFC 1122)

Part of the Transmission Control Protocol (TCP) specification (RFC 1122) allows a receiver to advertise a zero byte window, instructing the sender to maintain the connection but not send additional TCP payload data. The sender should then probe the receiver to check if the receiver is ready to accept data. Narrow interpretation of this part of the specification can create a denial-of-service vulnerability. By advertising a zero receive window and acknowledging probes, a malicious receiver can cause a sender to consume resources (TCP state, buffers, and application memory), preventing the targeted service or system from handling legitimate connections.

via US-CERT Vulnerability Note VU#723308 – TCP may keep its offered receive window closed indefinitely (RFC 1122).
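
A server-side check for the condition described in the vulnerability note above, as an added example that is not part of the quoted sources: it flags connections whose peer keeps the receive window at zero for too long while still answering. The `Seg` record, the sample capture and both thresholds are constructed assumptions.

```python
from collections import namedtuple

# One segment received from the remote peer on an established connection.
Seg = namedtuple("Seg", "ts conn window")

# Constructed sample capture: (seconds, peer label, advertised window).
SAMPLE = [
    Seg(0.0, "198.51.100.7:40112", 29200),
    Seg(1.0, "198.51.100.7:40112", 0),     # window closes
    Seg(6.0, "198.51.100.7:40112", 0),     # reply to a probe, still closed
    Seg(18.0, "198.51.100.7:40112", 0),
    Seg(42.0, "198.51.100.7:40112", 0),
    Seg(90.0, "198.51.100.7:40112", 0),
    Seg(0.5, "203.0.113.9:51544", 65535),
    Seg(2.0, "203.0.113.9:51544", 0),      # receive buffer briefly full
    Seg(3.5, "203.0.113.9:51544", 0),
    Seg(4.0, "203.0.113.9:51544", 32768),  # window reopens: normal flow control
]

def stalled_connections(segments, max_closed=60.0, min_probe_acks=3):
    """Return {conn: (seconds_closed, probe_acks)} for peers that hold the
    window at zero longer than max_closed while continuing to respond."""
    closed_since = {}  # conn -> time of the first zero-window segment in the run
    acks = {}          # conn -> zero-window replies seen after that first segment
    flagged = {}
    for seg in sorted(segments, key=lambda s: s.ts):
        if seg.window > 0:
            # Window reopened: the run ends and the connection is healthy again.
            closed_since.pop(seg.conn, None)
            acks.pop(seg.conn, None)
            continue
        if seg.conn not in closed_since:
            closed_since[seg.conn] = seg.ts
            acks[seg.conn] = 0
        else:
            # Assumption: each further zero-window segment answers a probe.
            acks[seg.conn] += 1
        duration = seg.ts - closed_since[seg.conn]
        if duration > max_closed and acks[seg.conn] >= min_probe_acks:
            if duration > flagged.get(seg.conn, (0.0, 0))[0]:
                flagged[seg.conn] = (duration, acks[seg.conn])
    return flagged

if __name__ == "__main__":
    for conn, (secs, n) in stalled_connections(SAMPLE).items():
        print(f"{conn}: window closed {secs:.0f}s, {n} probe replies")
```

A service can use a result like this to time out or reclaim the flagged connections before their state and buffers crowd out legitimate clients.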