Thanks for all the help earlier. Just to follow up, I have had an offline
discussion on the UNREACHABLE, ICMP idea and the last ARP hop was a
show stopper (security we could deal with).
I have some archives to read and catch up on as well as some more
Linux kernel hacking/testing to do. If anyone hears of a Linux
port for Jeff's BSD SYN patch, please email me and let me know.
Otherwise, I may get to it, but next week I'm out-of-town most
of the week and will not have the pleasure of a kernel to
Thanks for the great posts and remarkably constructive comments.
It was impressive, to me, to watch the transition from last
week when, if you recall, someone implied that a kernel
fix was 'impossible', to seeing numerous excellent approaches
within a few days, in particular Vernon's and Jeff's;
however there must be others.
In times of a crisis, it is impressive to see how humans put
their differences aside and work together.
I know that my 'innovative' idea for a predictive firewall
algorithm was far-fetched compared to the much easier
and workable kernel adjustments under test. Also, the
ICMP UNREACHABLE fix has merit, but to fix all the things
required to 'make it work' (almost everything, it seems)
seems orders of magnitude less attractive than the other
idea factories at work out there.