I wonder if it would be easy to do this using iptables on an outbound firewall. I think you can fairly easily set a maximum permitted SYN rate per source/destination hosts. If that works, it wouldn't need code changes and it would be hard for outgoing services to accidentally subvert.
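One way the per-source/destination SYN cap suggested above could be expressed, as an added example that is not part of the original comment: a shell function that emits an `iptables-restore` fragment using the `hashlimit` match. The chain name `SYN_OUT`, the default rate and burst, the 60-second table expiry and the use of the `FORWARD` chain (a firewall routing other hosts' traffic) are assumptions.

```shell
#!/bin/sh
# Added example: generate an iptables-restore fragment that caps new outbound
# TCP connections (SYNs) per (source IP, destination IP) pair.
# Assumptions: chain name SYN_OUT, FORWARD as the hook (use OUTPUT instead to
# limit the firewall host's own traffic), and the default rate/burst values.
syn_limit_rules() {
    rate="${1:-20}"    # SYNs per second allowed for each src/dst pair
    burst="${2:-40}"   # packets allowed in a burst before the rate applies

    # Reject anything that is not a positive integer so that a typo cannot
    # produce a malformed or unintentionally permissive ruleset.
    for v in "$rate" "$burst"; do
        case "$v" in
            ''|*[!0-9]*) echo "rate and burst must be positive integers" >&2
                         return 1 ;;
        esac
        [ "$v" -gt 0 ] || { echo "rate and burst must be > 0" >&2; return 1; }
    done

    # Pairs at or under the limit RETURN to normal filtering; anything above
    # it is logged (itself rate limited) and dropped. State is kept per
    # srcip,dstip pair and idle entries expire after 60 s.
    cat <<EOF
*filter
:SYN_OUT - [0:0]
-A FORWARD -p tcp --syn -j SYN_OUT
-A SYN_OUT -m hashlimit --hashlimit-name syn_out --hashlimit-mode srcip,dstip --hashlimit-upto ${rate}/second --hashlimit-burst ${burst} --hashlimit-htable-expire 60000 -j RETURN
-A SYN_OUT -m limit --limit 6/minute -j LOG --log-prefix "SYN_OUT drop: "
-A SYN_OUT -j DROP
COMMIT
EOF
}
```

The output can be checked without changing the live ruleset by piping it to `iptables-restore --noflush --test` as root, then loaded by dropping `--test`.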