OK, from the way I understand this, they send a HTTP packet to your web server with bogus info in the packet header... Then, when you server looks at the bogus info, runs a normal checksum, their system uses this check to their own advantage.
I suppose you could get useful work done, but MAN! The amount of packets that would have to be flying back and forth! Any admin worth his salt would see the nasty bandwidth trend to their main server and lock that IP out fairly quickly.
I would also imagine this is more bandwidth limited than CPU limited. A modern computer can chew through simple http packet headers pretty fast. However, your nice T1 line will slow to a crawl if this happens. I'd imagine it would look a lot like a DoS attack if their end didn't have some intelligence at slowing the packets down...
I still think it is unethical bullcrap to try this in the first place, though...
JHutch
PS Okay, who is starting the betting pool on how long it takes one of those script kiddies to develop a hack of some sort that exploits this?