What defenses are possible against TCP SYN spoofing attacks?
• Using a modified version of the TCP connection handling code (SYN cookies). When a SYN packet arrives, the server encodes the critical information about the connection into a cookie and sends it back in the SYN-ACK packet. If the client responds, its response contains the encoded cookie, which the server decodes to reconstruct the information about the connection.
• Using the "random drop" mechanism, which chooses an incomplete connection at random and drops it.
• Changing some TCP configuration parameters, such as the size of the TCP connections table and the timeout used for removing incomplete entries from the table.
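The cookie mechanism from the first item, as an added sketch that is not part of the original answer and not any operating system's implementation. It assumes the cookie travels as the 32-bit sequence number of the SYN-ACK; the bit layout, `SECRET`, `MSS_TABLE`, the slot constants and the function names are all assumptions of this example.

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-demo-secret"  # constructed; a real server uses a random key
MSS_TABLE = [536, 1220, 1440, 1460]  # constructed: MSS values the cookie can encode
SLOT_SECONDS = 64                    # assumed width of one time slot
MAX_AGE_SLOTS = 2                    # assumed: cookies older than this are rejected


def _cookie(conn, client_isn, mss_idx, slot):
    """Pack slot (5 bits), MSS index (3 bits) and a 24-bit MAC into 32 bits."""
    src, sport, dst, dport = conn
    msg = f"{src}:{sport}>{dst}:{dport}".encode()
    msg += struct.pack("!IBQ", client_isn, mss_idx, slot)
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]
    return ((slot % 32) << 27) | (mss_idx << 24) | int.from_bytes(mac, "big")


def make_cookie(conn, client_isn, mss, now):
    """Sequence number for the SYN-ACK; no connection table entry is created."""
    # Encode the largest table MSS that does not exceed the client's MSS.
    mss_idx = max([i for i, m in enumerate(MSS_TABLE) if m <= mss], default=0)
    return _cookie(conn, client_isn, mss_idx, int(now) // SLOT_SECONDS)


def check_cookie(conn, client_isn, ack, now):
    """Validate the handshake's final ACK; return the encoded MSS or None."""
    cookie = (ack - 1) & 0xFFFFFFFF  # a genuine client acknowledges cookie + 1
    mss_idx = (cookie >> 24) & 0x7
    if mss_idx >= len(MSS_TABLE):
        return None
    received = struct.pack("!I", cookie)
    current = int(now) // SLOT_SECONDS
    # Recompute the cookie for the current slot and the few slots before it.
    for slot in range(current, max(current - MAX_AGE_SLOTS, 0) - 1, -1):
        expected = struct.pack("!I", _cookie(conn, client_isn, mss_idx, slot))
        if hmac.compare_digest(expected, received):
            return MSS_TABLE[mss_idx]  # connection state is rebuilt only here
    return None
```

A spoofed SYN costs the server one keyed hash and one SYN-ACK but no table entry, because state is allocated only after `check_cookie` accepts an ACK from a host that actually received the SYN-ACK.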