The draft BCP that people are working on is OK.
However, much of what I have seen today in my lab might be better off discussed in private... I'll say, as most of you know, SR filtering is useful, but it cannot stop the attacks.
Kernel Protection and Recovery Tools are Critical and Needed in a Hurry.
Right now, I could use a 'simple command line flush the queue, close all sockets, release all descriptors' tool.
Comment out the line in /etc/inetd.conf; kill -1 the inetd proc; stop any processes listening on those ports; comment it back in; kill -1 inetd again. If you want to command-line it, move a file with the commented line in and out of /etc/inetd.conf's place. When there's nothing listening on those ports, all the sockets, descriptors, queues, pcbs, etc... go away. Is this not what you were thinking of?
If anyone has such a critter, it is one more brick in the wall.
Please let me know via e-mail, thanks.
Regards,
Tim
Avi
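The inetd.conf cycle described in the reply above, written out as shell functions. This is an added example, not code from either poster. The function names, the `#flush#` marker and the pid-file argument are assumptions of the example, and it assumes the classic inetd.conf layout with the service name as the first field.

```sh
#!/bin/sh
# Added example. Assumes the classic inetd.conf layout, where the service
# name is the first whitespace-separated field of each entry.
MARK='#flush#'   # constructed marker so only lines we disabled get restored

# _rewrite CONF AWK_PROGRAM SERVICE: filter CONF through awk, in place.
_rewrite() {
    tmp=$(mktemp) || return 1
    if awk -v s="$3" -v m="$MARK" "$2" "$1" > "$tmp"; then
        cat "$tmp" > "$1"      # overwrite contents, keep owner and mode
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Comment out every active entry for SERVICE.
disable_service() {   # usage: disable_service CONF SERVICE
    _rewrite "$1" '$1 == s { print m $0; next } { print }' "$2"
}

# Restore only the entries that disable_service commented out, so lines
# the administrator had already commented by hand stay disabled.
enable_service() {    # usage: enable_service CONF SERVICE
    _rewrite "$1" 'index($0, m) == 1 {
        rest = substr($0, length(m) + 1); split(rest, f, " ")
        if (f[1] == s) { print rest; next }
    } { print }' "$2"
}

# Full cycle from the mail. PIDFILE holds inetd's pid (its path is an
# assumption of this example); further arguments are pids of daemons inetd
# already spawned for the service, stopped before it is re-enabled.
flush_service() {     # usage: flush_service CONF SERVICE PIDFILE [PID...]
    f_conf=$1 f_svc=$2 f_pidfile=$3
    shift 3
    disable_service "$f_conf" "$f_svc" || return 1
    # kill -HUP is "kill -1": inetd rereads its config and stops listening.
    kill -HUP "$(cat "$f_pidfile")" || { enable_service "$f_conf" "$f_svc"; return 1; }
    for pid in "$@"; do kill "$pid" 2>/dev/null; done
    sleep 1                                   # let the stopped processes exit
    enable_service "$f_conf" "$f_svc" || return 1
    kill -HUP "$(cat "$f_pidfile")"
}
```

Try `disable_service` and `enable_service` on a copy of the config first; `flush_service` needs the privileges to signal inetd and write the real file.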