Protocol analysis is necessary for an increasing number of devices. This includes firewall for Application Level Gateway and advanced filtering, IDS/IPS for advanced rules, Deep Packet Inspection for a deep understanding of content. The complexity of protocol analysis is not only bound to the one of the high level layer of the OSI model. Low level manipulation are still a efficient method to attack these systems. The talk will present some known attacks and will focus on some new ones. The defensive side will be shown to with a explanation of counter-measures that have been implemented on Suricata and Netfilter.