Subject: Re: tcpdrop for NetBSD
To: Martin Husemann <martin@duskware.de>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-net
Date: 05/11/2005 10:04:40
In message <20050511095146.GD27829@drowsy.duskware.de>, Martin Husemann writes:
>On Wed, May 11, 2005 at 05:22:32AM -0400, D'Arcy J.M. Cain wrote:
>> You have blocked the offending site but now you have
>> a bunch of connections hanging around waiting for a timeout.
>
>Would you really go through and kill them? I'd either just wait for them
>to timeout - or restart the attacked service, if I can.

One problem is that state FINWAIT-2 is stable -- you're waiting for the 
far side to send a FIN.  It will never time out, at least at the TCP 
level.

		--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
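As an added illustration of the point above (this is not code from the thread or from NetBSD): a FIN_WAIT_2 socket is waiting on the peer's FIN, so once the peer is firewalled off those entries never leave the connection table on their own, and an operator has to find them before dropping them. The Python below parses a constructed, `netstat -n`-style listing (the sample lines are made up and use documentation addresses), picks out the FIN_WAIT_2 connections whose foreign address falls in a blocked prefix, and returns the local/foreign address and port 4-tuples an operator would feed to a tool like tcpdrop. The column layout, the state names and the argument order are assumptions; check netstat(1) and tcpdrop(8) on the actual system.

```python
import ipaddress
from collections import Counter

# Constructed sample modelled on BSD "netstat -n" output; not real captured data.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  192.0.2.10.80          198.51.100.7.51234     FIN_WAIT_2
tcp        0      0  192.0.2.10.80          198.51.100.7.51235     FIN_WAIT_2
tcp        0      0  192.0.2.10.80          203.0.113.9.40001      ESTABLISHED
tcp        0      0  192.0.2.10.22          198.51.100.7.51300     ESTABLISHED
tcp        0      0  192.0.2.10.80          198.51.100.7.51236     TIME_WAIT
"""


def split_endpoint(endpoint):
    """Split the BSD 'a.b.c.d.port' form into (host, port)."""
    host, _, port = endpoint.rpartition('.')
    return host, int(port)


def parse_netstat(text):
    """Return one dict per TCP line; header and non-tcp lines are skipped."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != 'tcp':
            continue
        laddr, lport = split_endpoint(fields[3])
        faddr, fport = split_endpoint(fields[4])
        conns.append({'laddr': laddr, 'lport': lport,
                      'faddr': faddr, 'fport': fport,
                      'state': fields[5]})
    return conns


def stuck_connections(conns, blocked_net, state='FIN_WAIT_2'):
    """Connections in the given state whose peer lies in the blocked prefix.

    FIN_WAIT_2 is the default because, as the thread notes, TCP itself will
    not time those out once the peer can no longer send its FIN.
    """
    net = ipaddress.ip_network(blocked_net)
    return [c for c in conns
            if c['state'] == state
            and ipaddress.ip_address(c['faddr']) in net]


def tcpdrop_args(conns):
    """4-tuples (laddr, lport, faddr, fport) for each connection.

    Assumed to match tcpdrop's local-then-foreign argument order; verify
    against tcpdrop(8) before use.
    """
    return [(c['laddr'], c['lport'], c['faddr'], c['fport']) for c in conns]


def state_summary(conns):
    """Count of connections per TCP state, useful for a quick health check."""
    return Counter(c['state'] for c in conns)


if __name__ == '__main__':
    conns = parse_netstat(SAMPLE_NETSTAT)
    print(dict(state_summary(conns)))
    for args in tcpdrop_args(stuck_connections(conns, '198.51.100.0/24')):
        print('would drop: %s %d %s %d' % args)
```

Only the FIN_WAIT_2 entries to the blocked prefix are selected; the ESTABLISHED session from the same host on port 22 and the TIME_WAIT entry are left alone, since TIME_WAIT does expire by itself and an established session is a separate decision.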