This is the excellent idea! Actually, router vendors may simply
add a feature which shuts down the interface if SYN/SYN-ACK balance
is too bad -- thus disconnecting the hacker-to-be.
Of course, that balance may be decaying with time, so repeated
unsuccessful attempts to connect won't trigger alarms.
--vadim