BSDI announcement about defense against syn-flooding attacks

  The remainder of the patches (K210-021, K210-022, and U210-025)
  add support for IP source checking, and for reducing and/or
  eliminating problems associated with SYN attacks, IP fragment
  attacks, and some other denial of service/looped server attacks.

Unfortunately, these are available only for BSD/OS 2.1 -- nothing for prior

William Sommers

They're working on fixes for prior releases, I believe.
(I have it from the coder's fingers).