It will, except that a slight modification of the attack (using IP addresses that _don't_ produce ICMP_UNREACH) will get us back to square one.
Anyway, filtering packets with SRC addresses known to generate ICMP_UNREACH at the earliest possible stage might be a good idea.
I understand paragraph two, but about paragraph 1.... When I ran the TCP SYN attack using routable source addresses, before I patched my attack kernel to allow Spoofers, I literally beat-to-death a server on the same subnet and the attack has no effect. However, when I hacked the kernel to allow spoofed addresses, the attack was severe and immediate. So, from my tests, the attack is only sucessful when the bogus source address is UNREACHABLE (which is a defense in the non-random attack. For clarity, the attack only works when the IP source address is UNREACHABLE, this has been my observation here in the lab using an source address from my net (however I haven't confirmed this with a good source address in another domain but I will...) Tim
Tim
Dima