Stop noisy traffic before it burns your stack.

Open-source L3/L4 anomaly detection powered by eBPF/XDP.


Getting started
Concrete use cases how to use Kernloom

Concrete use cases

Kernloom is a L3/L4 stability layer:

  • Ingress & API gateway protection — stop scans and churn before NGINX/Envoy becomes the bottleneck
  • Internal service shielding — noisy clients, misconfig storms, east-west pressure
  • State exhaustion defense — SYN bursts, connection churn, low-rate resource burn
  • NAT-safe enforcement — rate-limit first, block later; avoid collateral damage
  • Offload L7 components — keep WAF/proxy budgets for real inspection
  • Protect fragile legacy backends — stability for systems you can’t easily scale
See all use cases

How Kernloom works

Kernloom runs at the NIC using XDP and turns high-signal L3/L4 telemetry into safe, production-minded enforcement.

  • XDP dataplane at line rate (no payload inspection, no TLS termination)
  • Telemetry → decision agent (FSM) learns baseline and detects anomalies
  • Progressive enforcement to stay safe in real traffic (especially behind NAT)
  • Cooldown + auto-unban to prevent long-lasting collateral impact
  • Reputation memory so repeat offenders get stopped faster
How it works

Capabilities

A practical toolbox for modern infra teams: reduce incidents, keep latency stable, and protect shared resources.

  • Autotune baselines — less manual tuning, fewer false positives
  • Anti-flap / hysteresis — stable decisions, fewer oscillations
  • Non-compliance detection — escalates faster when an attacker keeps pushing
  • Soft/Hard rate limits — control abuse without instantly blocking
  • Short-lived blocks — automatic recovery and safer operations
Deploy options

Why teams want Kernloom

Short, practical outcomes Kernloom is designed to deliver in real production environments.

We need stability under churn: fewer connection spikes, lower CPU pressure, and predictable latency - without blocking shared NAT users.
Platform Engineering

Platform Engineering

Ingress / Gateway Owners

We want progressive enforcement: observe first, then limit, then block — with automatic recovery and faster action for repeat offenders.
Security Operations

Security Operations

Blue Team

We measure success by fewer incidents, faster time-to-stability, and keeping the rest of the stack focused on what it does best.
SRE Team

SRE Team

Reliability & Incident Response

call to action

Try Kernloom

Start safe: deploy Kernloom, activate bootstrapping mode and let Kernloom autotune itself for two weeks. Measure WAF/proxy/app stability improvements with minimal risk.

Get started