> I work at a hosting company and we see these kinds of issues in the > real world fairly frequently. I would guess maybe a monthly basis. > The servers where we have seen this are typically running RHEL 4 or 5 > kernels, so I can't really speak to how recent the kernel is in this > specific term.
RHEL5 should be recent enough. > > If I can find a box that we could temporary get a kernel.org kernel > on, I'll see if I can get a real comparison together. We have > collected a few of the more effective attack tools that have been left > on compromised systems, so it wouldn't be too difficult to get some > numbers. That would be useful yes -- for different bandwidths. If the young/old heuristics do not work well enough anymore most likely we should try readding RED to the syn queue again. That used to be pretty effective in the early days. I don't quite remember why Linux didn't end up using it in fact. -Andi -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
