It is certainly possible theoretically but you'll have to go to very great lengths to imagine a scenario where a remote attacker could exploit such a flaw. It's next to impossible identify the make and model of the NIC that holds an IP address (if it is even directly bound to a NIC, CARP and other similar technologies get in the way if used), the attacker would first have to aquire this information trough other means.
Well, I'm not convinced that needing to identify the card first is really a requirement- I feel it's more likely an attacker using these techniques would just blast out a bunch of probes and figure it out based on what bounces back, similar concept to port knocking.
I wish I could find/remember where on openbsd.org this was mentioned and use the wayback machine or something, because it seemed like whoever wrote about it knew what they were talking about.
