> This will leave incoming connections in the ESTABLISHED state on the
> remote side, significantly slowing down Code Red or Nimda-style scans
> of the entire IP space,

Yeah. And significantly slowing down Code Red requests through unsuspecting proxies, bringing down the proxies, potentially.

IOW: antisocial if used on the Internet.

Having over 150 proxies serving several million narrowband internet users, I can tell you that I really hate that proposal. We handle it, heuristically, but it's awful. And don't tell me I should disinfect the clients. That sucks.

I feel this to be a dangerous option, and would protest inclusion into the base kernel (protest shortly, that is, and with no authority at all :-)

best regards

Patrick