In any case, the real solution is to have hosts that check both port numbers in the fake icmp packet. As was mentioned in another message, most current systems do this checking, so nuke (and programs like it) don't work very well. Note that in the case of TCP, the ICMP packet should also include the sequence number of the bounced packet. A good implementation should check it, too. Not foolproof, obviously, but still a step in the right direction.