The draft BCP that people are working on is OK.
However, much of what I have seen today in my lab, might
be better off discussed in private... I'll say, as most
of you know, SR filtering is useful, but it cannot
stop the attacks.
Kernel Protection and Recovery Tools are Critical
and Needed in a Hurry.
Right now, I could use a 'simple command line flush
the queue, close all sockets, release all descriptors'
Comment out the line in /etc/inetd.conf; kill -1 the inetd proc;
stop any processes listing on those ports; comment it back in;
kill -1 inetd again. If you want to command-line it, move a file with
the commented line in and out of /etc/inetd.conf's place.
When there's nothing listening on those ports all the sockets, descriptors,
queues, pcbs, etc... go away.
Is this not what you were thinking of?
If anyone has such a critter, it is one more brick
in the wall.
Please let me know. via e-mail, thanks.