Description

This is an implementation of some functionality of the middleboxes in dFence: Transparent Network-based Denial of Service Mitigation by A. Mahimkar et al. It was created in 2009 to serve in the INTERSECTION project, where it mitigated the effects of a demonstration SYN flood. It could probably be adapted to protect any TCP service from errant-TCP or non-TCP traffic.

The software runs as a Linux kernel module, and is controlled through a character device.