pa011:
Could you give some explanation please on the difference between:
-lots of challenge ACKs
received exactly the same number of chacks as the number of sent RSTs (fixed kernel, sysctl workaround, ...)
-one challenge ACK
received just one chack during this connection
-two challenge ACKs
received one chack after first RST burst, another one after second burst
-vulnerable
100 chacks/s rate limit was hit twice
-zero challenge
RFC5961 is not supported
-multiple challenge ACKs
anything else, i.e. there is some random number of chacks received, but fewer than the number of sent RSTs, probably rate-limited
The current definitions (these) are here [1]. But they are subject to change, because I'm trying to improve the scanning method (separating counters for each of the bursts).
[1] https://github.com/nogoegst/grill/blob/master/verdict/verdict.go

-- Ivan Markin
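The verdict definitions in the reply above, written as a classifier over per-burst counters. This is an added example, not part of the original post and not code from the grill repository; the `Burst` type, the `Classify` function and the sample counts are hypothetical, and it assumes two RST bursts that each exceed the 100 chacks/s limit.

```go
package main

import "fmt"

// Assumption: the challenge ACK rate limit named in the post (100 per second).
const rateLimit = 100

// Burst holds the counters for one RST burst (hypothetical type).
type Burst struct {
	SentRSTs   int // RSTs sent in this burst
	RecvChacks int // challenge ACKs received in response to this burst
}

// Classify maps two bursts onto the verdict names listed in the post.
// Bursts must be larger than rateLimit; otherwise "every RST answered"
// and "rate limit hit" cannot be told apart.
func Classify(b1, b2 Burst) string {
	total := b1.RecvChacks + b2.RecvChacks
	switch {
	case total == 0:
		return "zero challenge" // RFC 5961 not supported
	case b1.RecvChacks == b1.SentRSTs && b2.RecvChacks == b2.SentRSTs:
		return "lots of challenge ACKs" // no effective rate limit observed
	case b1.RecvChacks == rateLimit && b2.RecvChacks == rateLimit:
		return "vulnerable" // rate limit hit in both bursts
	case total == 1:
		return "one challenge ACK"
	case b1.RecvChacks == 1 && b2.RecvChacks == 1:
		return "two challenge ACKs" // one after each burst
	default:
		return "multiple challenge ACKs" // anything else
	}
}

func main() {
	// Constructed sample counts, not real scan results.
	samples := [][2]Burst{
		{{200, 100}, {200, 100}},
		{{200, 200}, {200, 200}},
		{{200, 1}, {200, 1}},
		{{200, 2}, {200, 0}}, // same total as above, different verdict
		{{200, 37}, {200, 12}},
	}
	for _, s := range samples {
		fmt.Printf("%+v %+v -> %s\n", s[0], s[1], Classify(s[0], s[1]))
	}
}
```

With a single connection-wide counter, the third and fourth samples would both show a total of two; the per-burst counters are what separate them.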