Comcast (along with Sandvine) has been in the news recently for blocking
Bittorrent (and apparently Notes and Google) traffic using forged TCP RSTs.
Examples of this behavior can be found at the following locations:
http://www.dslreports.com/forum/remark,18926539
http://forums.somethingawful.com/showthread.php?threadid=2669968
http://torrentfreak.com/images/comcast-rst1.txt
In each case above, the genuine faux RSTs come in pairs and the sequence number
of the second RST is 12503 bytes higher than the first. This presumably ensures
that at least one of the RSTs is within the receiver's window. Assuming that
12503 is a constant offset, what's so special about it? Why not a nice, round
number like 12500, 3000, 16000 or something based on the window size?
(Using Sandvine to DoS your neighbors is left as an exercise for the reader.)