Say someone sends me an IPv4 TCP packet and it is less than 40 bytes long, or any IPv4 packet that is less than 20 bytes long (do I have the minimum lengths correct?), then what does that do to operating system <x>? Are there still bugs in operating systems relating to checking for this and other similar evils?
I ask because I was reading about a switch that offers checking for such things and I wondered if there is still any need for such external checks. Of course a stateful firewall provides a guard against evildoers anyway unless they are already inside your LAN that is.