pa011:
Could you give some explanation please on the difference between:
-lots of challenge ACKs received exactly the same number of chacks as number of sent RSTs (fixed kernel, sysctl workaround, ...) -one challenge ACK received just one chack during this connection -two challenge ACKs received one chack after first RST burst, another one after second burst -vulnerable 100chacks/s rate limit was hit twice -zero challenge RFC5961 is not supported -multiple challenge ACKs anything else, i.e. there are some random number of chacks received but less than number of sent RSTs, probably rate-limited
Current (these) definitions are here [1]. But they are a subject of change, because I'm trying to improve scanning method (separating counters for each of bursts). [1] https://github.com/nogoegst/grill/blob/master/verdict/verdict.go -- Ivan Markin