
The Zebra firewall manager - kevinchen
https://blog.fastmail.com/2015/12/11/the-zebra-firewall-manager/
======
nwmcsween
How will this deal with spoofing?

~~~
brongondwana
The collectors need enough smarts to detect that an IP address is behaving
legitimately, and when the behavior changes sufficiently that it's no long
legitimate, to stop accepting data from that traffic.

If you're talking source IP spoofing - that's only UDP, we don't offer
anything other than DNS over UDP, and that's now being served by Cloudflare,
so we can just ignore all UDP packets. Sure people can spoof SYN, but that's
not a very powerful complexity attack.

