Be the first to like this
natfilterd identifies unique hosts behind a NAT. It monitors TCP packets
by hooking into netfilter using the netfilter_queue extension and parses
TCP headers for the TCP Timestamps extension options. TCP timestamps are
generated by the OS based on `ticks' since boot time. Collecting per
connection (timestamp, wall clock) tuples allows identifying unique
hosts sharing the same IP with some math in realtime.
This allows natfilterd to drop packets of specific hosts sharing the
same source IP. Also, a fancy webinterface is provided.