Python – SYN flooding still a threat to servers

denial-of-service, python, tcp

Well, recently I've been reading about different Denial of Service methods. One method that kind of stuck out was SYN flooding. I'm a member of some not-so-nice forums, and someone was selling a Python script that would DoS a server using SYN packets with a spoofed IP address.

However, if you sent a SYN packet to a server with a spoofed IP address, the target server would return the SYN/ACK packet to the host that was spoofed. In which case, wouldn't the spoofed host return an RST packet, thus negating the 75-second-long wait, and ultimately failing in its attempt to DoS the server?

Best Answer

There are several cases in which this might not happen.

  • The spoofed host might not exist.
  • It might exist, but be configured to silently drop a SYN/ACK that does not match a SYN packet that the host sent out.
  • It might exist and respond, but not have enough bandwidth to handle all incoming SYN/ACKs from the host under attack.

SYN cookies can be used as a defense against SYN floods, by removing all server-side state during the handshake. (Check out how they work if you don't know; it's quite a brilliant hack that does not break the TCP spec.) SYN cookies are enabled on my Ubuntu Lucid system by default, so I'd expect that most servers use them nowadays.
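
How a SYN cookie lets the server keep no per-connection state during the handshake, as an added example (not part of the original answer, and not the Linux kernel's algorithm): a simplified sketch of the classic layout, with 5 bits of time counter, 3 bits of MSS index and a 24-bit keyed MAC packed into the server's initial sequence number. The secret, MSS table, function names and addresses are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

SECRET = b"constructed-demo-key"      # constructed; a real server uses a random secret
MSS_TABLE = [536, 1220, 1440, 1460]   # assumed table; the index must fit in 3 bits

def _mac24(src, sport, dst, dport, t, idx):
    """24-bit keyed MAC over the connection 4-tuple, time counter and MSS index."""
    msg = socket.inet_aton(src) + socket.inet_aton(dst)
    msg += struct.pack("!HHIB", sport, dport, t, idx)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(src, sport, dst, dport, mss, now):
    """Build the ISN for the SYN/ACK. Nothing is stored after this returns."""
    t = int(now) // 64                 # counter that ticks every 64 seconds
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    return ((t % 32) << 27) | (idx << 24) | _mac24(src, sport, dst, dport, t, idx)

def check_ack(ack, src, sport, dst, dport, now, max_age=2):
    """Validate the final ACK from packet fields alone; return the MSS or None."""
    cookie = (ack - 1) & 0xFFFFFFFF    # the client acknowledges ISN + 1
    idx = (cookie >> 24) & 0x7
    if idx >= len(MSS_TABLE):
        return None
    t_now = int(now) // 64
    for t in range(t_now, max(t_now - max_age, -1), -1):   # current and previous tick
        expected = _mac24(src, sport, dst, dport, t, idx)
        if cookie >> 27 == t % 32 and hmac.compare_digest(
                (cookie & 0xFFFFFF).to_bytes(3, "big"), expected.to_bytes(3, "big")):
            return MSS_TABLE[idx]
    return None

if __name__ == "__main__":
    # Constructed handshake using documentation address ranges.
    c = make_cookie("198.51.100.7", 40000, "203.0.113.10", 443, 1460, now=1_000_000)
    print(check_ack(c + 1, "198.51.100.7", 40000, "203.0.113.10", 443, now=1_000_030))
    print(check_ack(c + 1, "192.0.2.99", 40000, "203.0.113.10", 443, now=1_000_030))
```

On Linux the kernel does this itself; the behaviour is controlled by the `net.ipv4.tcp_syncookies` sysctl.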