The main reason to use SYN cookies, however,
is to mitigate the effects of SYN floods by making the TCP handshake stateless
[Aura and Nikander 1997]. When a server uses SYN cookies it does not
allocate resources to a connection until the 3-way TCP handshake completes.
First the server sends a SYN + ACK packet with a specially encoded initial
sequence number, or cookie, that includes a hash of the TCP headers from the
client’s initial SYN packet, a timestamp, and the client’s Maximum Segment
Size (MSS). Then when it receives the client’s response, the server can check the
sequence number and create the necessary state only if the client’s sequence
number is the cookie value plus one. Because the cookie uses a hash involving