[SlugBug] DDoS help required

Jonathan jonathan at sirtis.org.uk
Wed Jul 16 03:02:23 BST 2003


Hi all,

Got another problem for you, this time on a SuSE Linux box, running some 
horribly old release, kernel 2.4.4.

It looks to be a DDoS, typically a netstat shows around 300-400 SYN 
connections to the ssh port.

I've enabled syncookies and increased the queue size for syn to 4096, 
with no success.

Any suggestions or pointers would be great. I've read a few DDoS sites, 
but they are laden with theory and how to stop these things in the first 
place. I need to know how to try and stop one that's already happening.

The IP of the box was changed and the problem abated, but when the 
service on that box was resumed, the attack started again, i.e. someone 
is a bit peeved and is attacking the box at will.

It's a server owned by a customer so an update and proper firewall have 
been recommended, but I'm just wondering if I can do something else in 
the meantime.

TIA,

Jonathan
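
Added example, not part of the original post: a shell helper that tallies half-open (SYN_RECV) connections to one port by remote address from `netstat -tn` output, and prints the kernel SYN settings. The function names and sample addresses are constructed, and `tcp_syncookies` / `tcp_max_syn_backlog` are assumed to be the two settings the post refers to.

```shell
#!/bin/bash
# Tally half-open (SYN_RECV) connections to a local port, grouped by remote
# address, from `netstat -tn` output read on stdin.

# Constructed sample in the Linux `netstat -tn` layout (documentation addresses).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:22           198.51.100.7:40112      SYN_RECV
tcp        0      0 192.0.2.10:22           198.51.100.7:40113      SYN_RECV
tcp        0      0 192.0.2.10:22           203.0.113.44:51200      SYN_RECV
tcp        0      0 192.0.2.10:22           203.0.113.9:33810       ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:40200      SYN_RECV
EOF
}

# syn_recv_by_source PORT: prints "count address" lines, busiest source first.
syn_recv_by_source() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            n = split($4, l, ":")               # last piece of local address is the port
            if (l[n] != port) next
            src = $5; sub(/:[0-9]+$/, "", src)  # drop the remote port
            count[src]++
        }
        END { for (s in count) print count[s], s }
    ' | sort -k1,1nr -k2,2
}

# syn_recv_total PORT: total number of half-open connections to PORT.
syn_recv_total() {
    syn_recv_by_source "$1" | awk '{ t += $1 } END { print t + 0 }'
}

# show_syn_settings: print the current syncookie and SYN backlog values, if readable.
show_syn_settings() {
    for f in tcp_syncookies tcp_max_syn_backlog; do
        p="/proc/sys/net/ipv4/$f"
        [ -r "$p" ] && echo "$f = $(cat "$p")"
    done
    return 0
}

# Live use on the affected host: netstat -tn | syn_recv_by_source 22
```

A tally dominated by a few addresses points to sources that can be filtered individually; an even spread across many addresses is typical of spoofed sources, where per-address filtering does not help.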


