Apply by doing: cd /usr/src patch -p0 < 005_tcp.patch And then rebuild your kernel. Index: sys/netinet/tcp_input.c =================================================================== RCS file: /cvs/src/sys/netinet/tcp_input.c,v retrieving revision 1.158 retrieving revision 1.158.2.1 diff -u -p -r1.158 -r1.158.2.1 --- sys/netinet/tcp_input.c 17 Mar 2004 11:42:29 -0000 1.158 +++ sys/netinet/tcp_input.c 6 May 2004 00:45:37 -0000 1.158.2.1 @@ -122,6 +122,10 @@ int tcp_rst_ppslim = 100; /* 100pps */ int tcp_rst_ppslim_count = 0; struct timeval tcp_rst_ppslim_last; +int tcp_synack_ppslim = 100; /* 100pps */ +int tcp_synack_ppslim_count = 0; +struct timeval tcp_synack_ppslim_last; + #endif /* TUBA_INCLUDE */ #define TCP_PAWS_IDLE (24 * 24 * 60 * 60 * PR_SLOWHZ) @@ -1454,8 +1458,12 @@ trimthenstep6: * error and we send an RST and drop the connection. */ if (tiflags & TH_SYN) { - tp = tcp_drop(tp, ECONNRESET); - goto dropwithreset; + if (ppsratecheck(&tcp_synack_ppslim_last, &tcp_synack_ppslim_count, + tcp_synack_ppslim) == 0) { + /* XXX stat */ + goto drop; + } + goto dropafterack; } /*