New Denial of Service Attack on Panix

Having agreed with Vadim's message in its entirety, I want to add some
more - as I see it, SYN-flood attacks are made real by inadequate TCP
implementations on the majority of Internet-connected boxes, i.e. these
said boxes just cannot keep up with the rate their network interfaces
supply packets to them. Is it fixable on the host level? My gut feeling
says "most probably, yes." Does it eliminate the need for the measures
outlined by Vadim? Of course, not.