TCP Anomaly Protection #2482
Description
Some of the TCP anomalies faced in volumetric DDoS attacks are easy to block stateless (e.g. bad flags combinations), but some of them require state and these types aren't good to implement on the XDP layer. Need to patch the kernel to terminate TCP connections facing these anomalies and report in performance counters (probably it's time to make a separate security counters procfs file):
- Segment Duplicate Has Different Data
- Segment Overlap has Different Data