Re[4]: SYN floods (was: does history repeat itself?)

Pat Calhoun writes:

       However if you are filtering on your outbound router to the net,
    there is still the possibility that a malicious user could spoof
    addresses as long as they belong to your address space. By moving the
    filter out to the edge (when you have the equipment) this eliminates
    that problem as well.

This is true, but if it is a valid host, the invalid SYNs will do
nothing, because the source host will send a RST and the
almost-connection will be torn down. And if it isn't a valid host, it
will still be _much_ easier to track, because you know in general
where it's coming from.
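
The border-versus-edge filtering distinction discussed in this exchange, modelled as an added example that is not part of either poster's message. The prefixes, port names and live-host list are constructed (documentation address space), and `syn_outcome` is a hypothetical helper.

```python
import ipaddress

# Constructed topology (documentation address space), not from the thread.
SITE = ipaddress.ip_network("192.0.2.0/24")    # sources the border router permits outbound
EDGE = {                                       # per-port subnets enforced at the edge
    "edge-a": ipaddress.ip_network("192.0.2.0/26"),
    "edge-b": ipaddress.ip_network("192.0.2.64/26"),
}
LIVE = {ipaddress.ip_address("192.0.2.70")}    # hosts that are up and will answer

def syn_outcome(port, claimed_src, edge_filtering):
    """Follow one outbound SYN entering at `port` with source `claimed_src`.

    Returns (result, trace_scope). result is 'dropped', 'reset' or 'half-open';
    trace_scope is the narrowest origin the defender can infer.
    """
    src = ipaddress.ip_address(claimed_src)
    if edge_filtering and src not in EDGE[port]:
        return ("dropped", port)       # stopped at the ingress port
    if src not in SITE:
        return ("dropped", "site")     # stopped at the border router
    scope = port if edge_filtering else "site"
    if src in LIVE:
        # The real owner of the address gets an unexpected SYN-ACK and sends RST,
        # so the target's half-open entry is torn down.
        return ("reset", scope)
    return ("half-open", scope)        # no RST arrives; entry waits for its timeout

if __name__ == "__main__":
    for src in ("198.51.100.9", "192.0.2.70", "192.0.2.200"):
        for edge in (False, True):
            print(src, "edge" if edge else "border-only", syn_outcome("edge-a", src, edge))
```

With border-only filtering the in-space spoof of a dead address still leaves a half-open entry, but its origin is narrowed to the site; with edge filtering it never leaves the ingress port.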