a-ddos - Kernel solution to prevent DDoS attacks
a-ddos is a kernel patch that prevents DDoS attacks at the low hardware level. It works well on a network bridge.
DDoS is short for distributed denial-of-service, and it has become a serious threat nowadays. There hasn't been a perfect solution yet. a-ddos uses 512 MB of memory (128 MB in the current version) to keep track of every IPv4 address, and a kernel-level timer to record connections per second. While under attack, only the available IPs are allowed to connect to the server.
Deciding whether to admit a connection takes only one memory access.
The implementation is simple and fast: under a SYN-flood attack, a-ddos takes less than 10% CPU time to handle it.
It's easy to extend the memory usage; even so, 4G addresses / 8 bits per byte = 512 MB is enough to handle the whole IPv4 space!
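
The one-bit-per-address table and its single-access lookup, sketched in user-space C as an added example (this is not a-ddos's own code). The function names, the way addresses get marked, and the under_attack flag are assumptions made for illustration; the sample addresses are constructed.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdlib.h>

#define IPV4_COUNT   (1ULL << 32)       /* 4G addresses */
#define BITMAP_BYTES (IPV4_COUNT / 8)   /* 512 MB, one bit per address */

/* Zeroed bitmap; on Linux untouched pages typically stay uncommitted. */
static uint8_t *ipmap_new(void) { return calloc(BITMAP_BYTES, 1); }

/* Mark an address (host byte order) as allowed. */
static void ipmap_allow(uint8_t *map, uint32_t ip)
{
    map[ip >> 3] |= (uint8_t)(1u << (ip & 7));
}

/* The lookup: one byte load from the table, then a shift and mask. */
static int ipmap_allowed(const uint8_t *map, uint32_t ip)
{
    return (map[ip >> 3] >> (ip & 7)) & 1;
}

/* Parse dotted-quad text into host byte order; returns 0 on success. */
static int parse_ipv4(const char *text, uint32_t *ip)
{
    struct in_addr a;
    if (inet_pton(AF_INET, text, &a) != 1)
        return -1;
    *ip = ntohl(a.s_addr);
    return 0;
}

/* Assumed policy: everything passes in normal operation; under attack
 * only marked sources pass. Unparsable input is always dropped. */
static int admit(const uint8_t *map, const char *src, int under_attack)
{
    uint32_t ip;
    if (parse_ipv4(src, &ip) != 0)
        return 0;
    return !under_attack || ipmap_allowed(map, ip);
}

int main(void)
{
    uint8_t *map = ipmap_new();
    uint32_t ip;
    if (!map || parse_ipv4("192.0.2.10", &ip) != 0)  /* constructed sample */
        return 1;
    ipmap_allow(map, ip);
    int ok = admit(map, "192.0.2.10", 1) && !admit(map, "198.51.100.7", 1);
    free(map);
    return ok ? 0 : 1;
}
```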