Zero size TCP receive window denial of service

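According to RFC 1122, probing of zero (offered) windows MUST be supported. ACK segments that contain no data are not reliably transmitted by TCP, so if zero-window probing is not supported, a connection may hang forever when an ACK segment that re-opens the window is lost. The flip side is that a peer which keeps advertising a zero receive window can hold the sender in the persist state indefinitely, with its data still queued. This type of attack has been realized since 2006.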

http://tools.ietf.org/html/rfc1122#page-92


Because RFC 1122 still applies to TCP, higher layers have to be relied upon to abort the connection. This means that an application or firewall must selectively abort TCP connections that appear malicious because they stay in the persist state and consume large amounts of resources.
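One way to find candidate connections for that selective abort, as an added example that is not part of the original post: it compares snapshots of Linux `ss -tno` output and reports peers whose sockets sit on the persist timer with data queued in every snapshot. The sample snapshots are constructed, and the function names and the `min_conns` threshold are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed `ss -tno` snapshots taken some minutes apart (documentation addresses).
SNAPSHOT_1 = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0      0      192.0.2.10:22      203.0.113.5:40112  timer:(keepalive,54min,0)
ESTAB 0      43520  192.0.2.10:80      198.51.100.7:51514 timer:(persist,12sec,0)
ESTAB 0      65160  192.0.2.10:80      198.51.100.7:51516 timer:(persist,58sec,0)
ESTAB 0      65160  192.0.2.10:80      198.51.100.7:51520 timer:(persist,1min40sec,0)
ESTAB 0      2896   192.0.2.10:80      203.0.113.9:33010  timer:(persist,400ms,0)
"""
SNAPSHOT_2 = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0      0      192.0.2.10:22      203.0.113.5:40112  timer:(keepalive,49min,0)
ESTAB 0      43520  192.0.2.10:80      198.51.100.7:51514 timer:(persist,1min5sec,0)
ESTAB 0      65160  192.0.2.10:80      198.51.100.7:51516 timer:(persist,33sec,0)
ESTAB 0      65160  192.0.2.10:80      198.51.100.7:51520 timer:(persist,1min51sec,0)
ESTAB 0      1448   192.0.2.10:80      203.0.113.9:33010  timer:(on,204ms,0)
"""

# State, Recv-Q, Send-Q, local endpoint, peer endpoint, then a persist timer entry.
ROW = re.compile(r"^\S+\s+\d+\s+(?P<sendq>\d+)\s+(?P<local>\S+)\s+(?P<peer>\S+)"
                 r"\s+.*timer:\(persist,")

def persist_sockets(ss_output):
    """Map (local, peer) -> Send-Q for sockets on the persist timer with data queued."""
    found = {}
    for line in ss_output.splitlines():
        m = ROW.match(line)
        if m and int(m["sendq"]) > 0:
            found[(m["local"], m["peer"])] = int(m["sendq"])
    return found

def stuck_peers(snapshots, min_conns=3):
    """Peer IPs with >= min_conns sockets in persist state in every snapshot.

    Expects at least one snapshot; a slow reader that recovers between
    snapshots drops out of the intersection.
    """
    per_snapshot = [persist_sockets(s) for s in snapshots]
    stuck = set(per_snapshot[0]).intersection(*per_snapshot[1:])
    conns = Counter(peer.rsplit(":", 1)[0] for _local, peer in stuck)  # strip port
    return {ip: n for ip, n in conns.items() if n >= min_conns}

if __name__ == "__main__":
    for ip, n in stuck_peers([SNAPSHOT_1, SNAPSHOT_2]).items():
        print(f"{ip}: {n} connections stuck in persist state across snapshots")
```

The snapshot interval and `min_conns` need tuning per service, since legitimate slow clients also enter the persist state briefly.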

Any system allowing direct TCP access without first going through a firewall may be vulnerable to this persist-state type of DoS. US-CERT has confirmed that some products from HP, Microsoft, Cisco, CheckPoint and Sun are vulnerable to this attack.

http://www.kb.cert.org/vuls/id/723308

Modifications can be made to TCP implementations, interfaces, operating systems, and network applications. However, any changes should consider the balance between improved resiliency and decreased interoperability.

tl;dr TCP is broken. Deal with it.

Posted by admica   @   30 March 2010
