I don't know if anyone has read about this tool yet, but here's a small description of it. Follow the link to read CNET's story on it.
The hacker would then send off a data packet to the third-party server with any valid-looking information in the data fields, but the real message would be hidden in four bytes of the ISN field. The packet would contain a message indicating to the third-party server that a computer wants to start a communications session. The server would acknowledge the message, but because of the forged source address, the message would be forwarded on to the recipient.
http://news.com.com/2100-1002-5058535.html?tag=nl
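
A defender-side view of the bounce described above, as an added example that is not part of the original post, the CNET story or the tool itself: the recipient sees a SYN/ACK it never requested, and because TCP acknowledges ISN + 1, the acknowledgment number minus one gives back the four ISN bytes. All addresses, ports and packet bytes are constructed, and `LOCAL`, `parse`, `build` and `unsolicited_synacks` are hypothetical names.

```python
import struct
from ipaddress import IPv4Address

SYN, ACK = 0x02, 0x10
LOCAL = IPv4Address("192.0.2.10")  # assumption: the host being monitored

def parse(pkt):
    """Return (src, dst, sport, dport, seq, ack, flags) for a raw IPv4/TCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if len(pkt) < ihl + 14:
        return None
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", pkt[ihl:ihl + 14])
    return (IPv4Address(pkt[12:16]), IPv4Address(pkt[16:20]),
            sport, dport, seq, ack, off_flags & 0x3F)

def unsolicited_synacks(packets):
    """List (peer, implied ISN bytes) for inbound SYN/ACKs that answer no SYN sent by LOCAL."""
    pending = set()  # (local port, peer, peer port, ISN) of every SYN LOCAL really sent
    hits = []
    for raw in packets:
        p = parse(raw)
        if p is None:
            continue
        src, dst, sport, dport, seq, ack, flags = p
        if src == LOCAL and flags & (SYN | ACK) == SYN:
            pending.add((sport, dst, dport, seq))
        elif dst == LOCAL and flags & (SYN | ACK) == (SYN | ACK):
            isn = (ack - 1) & 0xFFFFFFFF  # the ISN this SYN/ACK claims to acknowledge
            if (dport, src, sport, isn) not in pending:
                hits.append((str(src), isn.to_bytes(4, "big")))
    return hits

def build(src, dst, sport, dport, seq, ack, flags):
    """Constructed sample packet: bare IPv4 + TCP headers, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 8192, 0, 0)
    return ip + tcp

SAMPLE = [  # constructed capture as seen at LOCAL
    build("192.0.2.10", "198.51.100.5", 40000, 443, 0x1A2B3C4D, 0, SYN),
    build("198.51.100.5", "192.0.2.10", 443, 40000, 0x77777777, 0x1A2B3C4E, SYN | ACK),
    build("203.0.113.9", "192.0.2.10", 80, 1234, 0x11111111,
          int.from_bytes(b"test", "big") + 1, SYN | ACK),  # answers no SYN from LOCAL
]

if __name__ == "__main__":
    print(unsolicited_synacks(SAMPLE))
```

The signal is the SYN/ACK with no matching outbound SYN; the implied ISN bytes are returned only so an analyst can inspect them.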