diff -ur linux-2.2.14.old/include/linux/sysctl.h linux-2.2.14/include/linux/sysctl.h
--- linux-2.2.14.old/include/linux/sysctl.h Wed Jan 5 04:14:41 2000
+++ linux-2.2.14/include/linux/sysctl.h Fri Apr 7 01:25:36 2000
@@ -227,7 +227,8 @@
 NET_IPV4_ICMP_ECHOREPLY_RATE=63,
 NET_IPV4_ICMP_IGNORE_BOGUS_ERROR_RESPONSES=64,
 NET_IPV4_IGMP_MAX_MEMBERSHIPS=65,
- NET_IPV4_ALWAYS_DEFRAG=67
+ NET_IPV4_ALWAYS_DEFRAG=67,
+ NET_IPV4_TCP_LAST_ACK_RETRIES=68
 };
 enum {
diff -ur linux-2.2.14.old/include/net/tcp.h linux-2.2.14/include/net/tcp.h
--- linux-2.2.14.old/include/net/tcp.h Wed Jan 5 05:25:59 2000
+++ linux-2.2.14/include/net/tcp.h Fri Apr 7 01:04:59 2000
@@ -245,6 +245,12 @@
 * 90 minutes to time out. */
+#define TCP_LAST_ACK_RETRIES 0 /*
+ * LAST_ACK retries, against LAST_ACK DoS
+ * 0 means disable this feature
+ * default is 0
+ */
+
 #define TCP_TIMEOUT_LEN (15*60*HZ) /* should be about 15 mins */
 #define TCP_TIMEWAIT_LEN (60*HZ) /* how long to wait to successfully * close the socket, about 60 seconds */
diff -ur linux-2.2.14.old/net/ipv4/sysctl_net_ipv4.c linux-2.2.14/net/ipv4/sysctl_net_ipv4.c
--- linux-2.2.14.old/net/ipv4/sysctl_net_ipv4.c Wed Oct 20 08:14:02 1999
+++ linux-2.2.14/net/ipv4/sysctl_net_ipv4.c Fri Apr 7 01:01:55 2000
@@ -56,6 +56,7 @@
 extern int sysctl_tcp_max_ka_probes;
 extern int sysctl_tcp_retries1;
 extern int sysctl_tcp_retries2;
+extern int sysctl_tcp_last_ack_retries;
 extern int sysctl_tcp_fin_timeout;
 extern int sysctl_tcp_syncookies;
 extern int sysctl_tcp_syn_retries;
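Review bot: The comment on `TCP_LAST_ACK_RETRIES` in the include/net/tcp.h hunk does not say what the number counts or how it relates to `tcp_retries2`, and with a default of 0 the LAST_ACK protection stays off until an administrator sets the sysctl. Going by the tcp_timer.c hunk of this patch, the value is compared with `tp->retransmits` only after the `sysctl_tcp_retries2` test, so a setting at or above `tcp_retries2` never takes effect. I would extend the comment to state that it is the number of retransmissions allowed in LAST_ACK before the socket is dropped, that 0 disables the limit, and that only values below tcp_retries2 change behaviour.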
@@ -166,6 +167,8 @@
 &sysctl_intvec, NULL, NULL, &tcp_retr1_max},
 {NET_IPV4_TCP_RETRIES2, "tcp_retries2", &sysctl_tcp_retries2, sizeof(int), 0644, NULL, &proc_dointvec},
+ {NET_IPV4_TCP_LAST_ACK_RETRIES,"tcp_last_ack_retries",
+ &sysctl_tcp_last_ack_retries, sizeof(int), 0644, NULL, &proc_dointvec},
 {NET_IPV4_TCP_FIN_TIMEOUT, "tcp_fin_timeout", &sysctl_tcp_fin_timeout, sizeof(int), 0644, NULL, &proc_dointvec_jiffies, &sysctl_jiffies},
diff -ur linux-2.2.14.old/net/ipv4/tcp_timer.c linux-2.2.14/net/ipv4/tcp_timer.c
--- linux-2.2.14.old/net/ipv4/tcp_timer.c Wed Jan 5 04:14:41 2000
+++ linux-2.2.14/net/ipv4/tcp_timer.c Fri Apr 7 01:00:40 2000
@@ -27,6 +27,7 @@
 int sysctl_tcp_keepalive_probes = TCP_KEEPALIVE_PROBES;
 int sysctl_tcp_retries1 = TCP_RETR1;
 int sysctl_tcp_retries2 = TCP_RETR2;
+int sysctl_tcp_last_ack_retries = TCP_LAST_ACK_RETRIES;
 static void tcp_sltimer_handler(unsigned long);
 static void tcp_syn_recv_timer(unsigned long);
@@ -157,6 +158,12 @@
 /* Has it gone just too far? */
 if (tp->retransmits > sysctl_tcp_retries2)
+ return tcp_write_err(sk, 0);
+
+ /* LAST_ACK timeout */
+ if ((sk->state == TCP_LAST_ACK ) &&
+ (sysctl_tcp_last_ack_retries > 0) &&
+ (tp->retransmits > sysctl_tcp_last_ack_retries))
 return tcp_write_err(sk, 0);
 return 1;
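Review bot: The new `tcp_last_ack_retries` entry in net/ipv4/sysctl_net_ipv4.c is written through plain `&proc_dointvec` with no bounds, so any int is accepted, including negative values that the `> 0` test in the tcp_timer.c hunk silently treats as "disabled". The entry just above it ends in `&sysctl_intvec, NULL, NULL, &tcp_retr1_max`, which looks like a bounded setup; if so, the same pattern with a lower bound of 0 would reject meaningless values at write time. At minimum the entry deserves a comment such as `/* values <= 0 disable the LAST_ACK limit */`. The table itself starts and ends outside the hunk.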
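Review bot: The added LAST_ACK test in net/ipv4/tcp_timer.c reads `sysctl_tcp_last_ack_retries` twice, once for `> 0` and once against `tp->retransmits`, so a sysctl write landing between the two reads (for instance a reset to 0) could in principle drop a socket while the limit is nominally disabled. Taking one snapshot closes that window: `int limit = sysctl_tcp_last_ack_retries;` and then `if (sk->state == TCP_LAST_ACK && limit > 0 && tp->retransmits > limit)`, which also removes the stray space in `TCP_LAST_ACK )`. The cap applies to LAST_ACK only; whether other closing states that retransmit a FIN are exposed to the same resource exhaustion cannot be judged from this hunk. The enclosing function starts and ends outside the hunk, so the right place for the local declaration is not visible here.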