>>97
http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_9-4/syn_flooding_attacks.html
Lessons Learned
The protocol flaw in TCP that makes SYN flooding effective is that for the small cost of sending a packet, an initiator causes a relatively greater expense to the listener by forcing the listener to reserve state in a TCB. An excellent technique for designing protocols that are robust to this type of attack is to make the listener side operate statelessly [3] until the initiator can demonstrate its legitimacy. This principle has been used in more recent transport protocols, such as the Stream Control Transmission Protocol (SCTP) [4], which has a 4-way handshake, with listener TCB state being created only after the initiator echoes back some "cookie" bytes sent to it by the listener. This echo proves to some extent that the initiator side is at the address it appears to be (that is, it has return reachability) and is not attempting a SYN flooding style of attack.
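A sketch of the stateless-listener idea quoted above, as an added example that is not part of the original post or the Cisco article. It is a simplified model, not SCTP's wire format: the class name, the cookie layout (4-byte timestamp plus truncated HMAC), the 60-second lifetime and the sample addresses are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

COOKIE_LIFETIME = 60  # seconds; constructed value for this sketch


class StatelessListener:
    """Listener that allocates a TCB only after a valid cookie echo."""

    def __init__(self, secret=None):
        self.secret = secret or os.urandom(32)
        self.tcbs = {}  # (ip, port) -> per-connection state

    def _mac(self, ip, port, issued):
        msg = f"{ip}|{port}|{issued}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).digest()[:16]

    def on_init(self, ip, port, now):
        """Answer an INIT/SYN with a cookie; nothing is stored here."""
        return struct.pack("!I", now) + self._mac(ip, port, now)

    def on_cookie_echo(self, ip, port, cookie, now):
        """Create the TCB only if the cookie was issued to this address."""
        if len(cookie) != 20:
            return False
        (issued,) = struct.unpack("!I", cookie[:4])
        if not 0 <= now - issued <= COOKIE_LIFETIME:
            return False
        if not hmac.compare_digest(cookie[4:], self._mac(ip, port, issued)):
            return False
        self.tcbs[(ip, port)] = {"established_at": now}
        return True


def demo():
    srv = StatelessListener(secret=b"k" * 32)  # fixed key for repeatability
    # Constructed flood: 10,000 INITs from spoofed sources that never reply.
    for i in range(10_000):
        srv.on_init(f"198.51.100.{i % 250}", 1024 + i, now=1000)
    after_flood = len(srv.tcbs)
    # A reachable initiator receives its cookie and echoes it back.
    cookie = srv.on_init("192.0.2.7", 40000, now=1000)
    ok = srv.on_cookie_echo("192.0.2.7", 40000, cookie, now=1002)
    # The same cookie presented from another address, or too late, fails.
    moved = srv.on_cookie_echo("203.0.113.9", 40000, cookie, now=1002)
    stale = srv.on_cookie_echo("192.0.2.7", 40000, cookie, now=1000 + 61)
    return after_flood, ok, moved, stale, len(srv.tcbs)
```

The listener's memory use after the flood is zero entries because the cookie itself carries everything needed to validate the echo; only the keyed MAC and the secret tie it back to the listener.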