re: flooding

styx is a level above TCP and is fairly transport
neutral. Fixing the TCP stack to protect against
flooding is fairly simple. Instead of allocating
the tcb at initial SYN you just make an entry in
a hash table containg the info from the initial
packet and do nothing else. You actually start
tcp processing when the first real packet made from
your ack returns.