New Denial of Service Attack on Panix

But of course. The problem is that SYN_RCVD is a transient state in the
TCP automaton, and it requires some resources allocation. The life
might have been a little bit different if servers weren't forced
to track this state. Something like a signed ticket accompanying the
second SYN and the following ACK.


That's the idea of making the iss a ticket that includes mss info and
a hash of the other info plus a security ticket.

I had hoped to work on that but it looks like someone else local is almost
done and claims that ignoring window size and any data with the SYN(s)
is harmless...