SYN floods continue

I don't know, but since nobody else seems to either, how about a
router box that detects excessive SYN activity and then automatically
blocks that IP address for a while? I suppose it just means that
the attacker has to vary the source address rapidly.

> Anyway. Point is this: We can't take too much more of this, nor can our
> customers. I have yet to hear *anyone* come up with any ideas even remotely
> reasonable for how to deal with this situation, long term, except for the

If they modulate the phasers we just need to modulate the shields. :open_mouth:

If someone comes up with a good solution we will be glad to implement it.

BTW. Some time ago (when we used PC-based routers and had all sources) we
discussed the same problem. One of the best solutions to prevent many kinds of
hacker's weapons is to allow a customer to send packets with a SRC address ONLY
if this (SRC) address has routing via the same interface. This control is possible
only for a one-homed customer but is effective enough to prevent TCP spoofing,
many SYN, PING, UDP etc. attacks and does allow the ISP to determine the source of
any internet attack.

> > reasonable for how to deal with this situation, long term, except for the
>
> If they modulate the phasers we just need to modulate the shields. :open_mouth:

But they always modulate phasers _BEFORE_ you modulate shields -:slight_smile:
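
The source-address check proposed in the thread (forward a customer's packet only if the route back to its SRC address points out the interface it arrived on), sketched as an added example that is not part of the original posts. The routing table, interface names and packets are constructed for illustration; the last packet shows why the thread limits the check to one-homed customers.

```python
import ipaddress

# Constructed routing table: (prefix, interface the route points out of).
# Interface names are hypothetical. 203.0.113.0/24 belongs to a multi-homed
# customer on "cust-d" whose best route here is via the default (upstream0).
ROUTES = [
    ("0.0.0.0/0", "upstream0"),
    ("192.0.2.0/24", "cust-a"),
    ("198.51.100.0/25", "cust-b"),
    ("198.51.100.128/25", "cust-c"),
]

def build_table(routes):
    """Parse prefixes and order them so the longest prefix is tried first."""
    table = [(ipaddress.ip_network(p), ifname) for p, ifname in routes]
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table

def route_interface(table, addr):
    """Longest-prefix match: interface the router would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    for net, ifname in table:
        if ip in net:
            return ifname
    return None

def accept(table, in_if, src):
    """Strict check: SRC must be routed via the interface it arrived on."""
    return route_interface(table, src) == in_if

def filter_packets(table, packets):
    """Split (in_if, src) pairs into forwarded and dropped lists."""
    forwarded, dropped = [], []
    for in_if, src in packets:
        (forwarded if accept(table, in_if, src) else dropped).append((in_if, src))
    return forwarded, dropped

TABLE = build_table(ROUTES)
SAMPLE = [  # constructed packets: (arrival interface, claimed SRC)
    ("cust-a", "192.0.2.10"),    # customer A using its own address
    ("cust-a", "198.51.100.7"),  # customer A claiming customer B's address
    ("cust-a", "10.1.2.3"),      # customer A claiming an address routed elsewhere
    ("cust-b", "198.51.100.7"),  # customer B using its own address
    ("cust-d", "203.0.113.9"),   # multi-homed customer: legitimate but dropped
]

if __name__ == "__main__":
    fwd, drop = filter_packets(TABLE, SAMPLE)
    print("forwarded:", fwd)
    print("dropped:  ", drop)
```

Dropped packets are attributable to the customer interface they arrived on, which is the traceability property the post mentions.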