DoS, ICMP, proxies, SYNDefender

Tim Bass writes:

On the SYNDefender firewall..... if we are interested in
firewalls, then the 'elegant firewall solution' is, IMO,
to insure that our gateways send ICMP UNREACHABLE messages
back to the host. Then it is somewhat easy to do the
kernel checks to free SYN_REVC 'zombies'

It would also make it easier to nuke vital network communications
paths. Thanks, but I'll pass.