So what you are suggesting basically is to add an application layer
sanity
checker and DoS preventer, am I right ?
More or less, yes. The main thing is to have something in front of the
clocks that can be used to block or mitigate network abuse activities like
DoS. And if this front-end is a UNIX box then it is easy to take a simple
proxy such as udprelay and extend it to do some application layer
checking.
--Michael Dillon