There may be real connections from machines which cannot be
pinged.
If your firewall is a smart relay, it could send a RST after a short
time without seeing an inbound SYN/ACK.
Adam
Roderick Murchison, Jr. wrote:
| Ditto... I just woke up *again* with a kludgy but potential defense...
| sorry if this is totally out of whack, but I'm really beat!
|
| Ok. say you have a firewall between your network and your Internet
| connection. If that firewall could detect and *detain* a segment with the
| SYN option set, then see if the set source IP answers an ICMP echo
| request, we could effectively determine whether or not the SYN could be
| dropped at the firewall and not sent through to spam our hosts. If the
| source responds, release the SYN and let it pass through to the intended
| host. If it does not, trash the SYN and log the failure.
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
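To make the trade-off in this exchange concrete, here is a small model of the "detain the SYN, ping the claimed source" gate and of the two points raised in the reply. It is an added example, not code from either poster: the `Host`, `gate_syn`, `evaluate_gate` and `expire_half_open` names are mine, the hosts and addresses are constructed from documentation ranges, and the timeout/RST function is my reading of the "smart relay" remark (clear a handshake that has not completed within a short window by sending RST, so the protected host's half-open slot is freed).

```python
"""Model of the SYN-gating proposal from the thread and the reply's caveats.

Constructed example: hosts, addresses and timings below are invented to
illustrate the policy; they are not taken from any real network.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Host:
    ip: str
    legitimate: bool      # a real client that actually wants the connection
    reachable: bool       # the address exists and routes back to us
    answers_icmp: bool    # the host replies to ICMP echo requests


def icmp_probe(hosts: Dict[str, Host], ip: str) -> bool:
    """Simulated echo request: a reply only comes back from a reachable
    host that has not filtered ICMP."""
    h = hosts.get(ip)
    return h is not None and h.reachable and h.answers_icmp


def gate_syn(hosts: Dict[str, Host], src_ip: str) -> str:
    """The proposal: detain the SYN, ping the claimed source, release the
    SYN if it answers, otherwise drop it and log."""
    if icmp_probe(hosts, src_ip):
        return "release"
    return "drop"


def evaluate_gate(hosts: Dict[str, Host], syn_sources: List[str]) -> Dict[str, int]:
    """Tally what the gate does to legitimate versus spoofed SYNs.
    'legit_dropped' is the reply's objection: real clients that cannot be pinged
    are thrown away along with the forged ones."""
    tally = {"legit_released": 0, "legit_dropped": 0,
             "spoofed_dropped": 0, "spoofed_released": 0}
    for ip in syn_sources:
        action = gate_syn(hosts, ip)
        h = hosts.get(ip)
        legit = h is not None and h.legitimate
        key = ("legit_" if legit else "spoofed_") + \
              ("released" if action == "release" else "dropped")
        tally[key] += 1
    return tally


def expire_half_open(half_open: Dict[str, float], now: float,
                     timeout: float) -> List[str]:
    """Relay behaviour (my reading of the reply): half-open entries whose
    handshake has not completed within `timeout` seconds get a RST so the
    protected host's backlog is freed. Returns the reset addresses and
    removes them from the table; `half_open` maps source ip -> time the
    SYN was seen."""
    expired = [ip for ip, opened_at in half_open.items()
               if now - opened_at >= timeout]
    for ip in expired:
        del half_open[ip]
    return expired


# Constructed sample population (hypothetical addresses in documentation ranges)
SAMPLE_HOSTS = {
    # ordinary client: answers ping, so the gate lets its SYN through
    "192.0.2.10": Host("192.0.2.10", legitimate=True, reachable=True, answers_icmp=True),
    # real client behind a filter that drops ICMP: the gate wrongly discards it
    "192.0.2.11": Host("192.0.2.11", legitimate=True, reachable=True, answers_icmp=False),
    # forged source that does not route back at all
    "198.51.100.5": Host("198.51.100.5", legitimate=False, reachable=False, answers_icmp=False),
}
SAMPLE_SYNS = ["192.0.2.10", "192.0.2.11", "198.51.100.5", "198.51.100.5"]

if __name__ == "__main__":
    print(evaluate_gate(SAMPLE_HOSTS, SAMPLE_SYNS))
    table = {"198.51.100.5": 0.0, "192.0.2.10": 4.5}   # seconds since SYN
    print(expire_half_open(table, now=5.0, timeout=3.0), table)
```

Running it shows one legitimate client released, one legitimate client dropped (the ICMP-filtered one), and both forged SYNs dropped; the timeout pass resets only the entry that has sat unanswered past the window, which is the behaviour that keeps half-open slots from accumulating whether or not the source could ever be pinged.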