Lack of information
For more information check out Stonesoft's site "antievasion.com".
The only bit of real "example" of what they mean is :
"A: Technical: Consider the well known method of packet fragmentation, this alone would be caught. However, if this is combined with random IP options and a manipulation of how data is interpreted on the target, the attacker can successfully deliver a payload containing any attack."
Which means absolutely naff all to me. If a firewall is going to block a fragment, then it doesn't matter what options you put on it, it'll be blocked. If we're talking about a remote exploit, then how can you manipulate how the data is interpreted on the target? If you can affect your target remotely, then you've already hacked in far enough that the target is fubar.
They've fudged the whole issue of explaining these AETs to the community at large :
"Stonesoft is announcing the concept discovery, but it is not providing any details or tools that would arm criminals with the information needed to use these techniques. AETs are complex, and require the resources and funding that average hackers do not typically have"
Those "details" would not only arm the criminals with the attacks but also the world's security people with the defences.
Sounds like the biggest FUD scam for years!