The source address in the SYN is spoofed. What if the real owner of the source address wanted to connect to you? Then your penaltybox would block him. An attacker could now use your penaltybox to cause a DoS to the real owner of the IP address.
The source address in the SYN is spoofed. What if the real owner of the source address wanted to connect to you? Then your penaltybox would block him. An attacker could now use your penaltybox to cause a DoS to the real owner of the IP address.