However, because of performance concerns and some incompatibilities
with TCP extensions, such as large windows, operating systems generally do
not activate the SYN cookie mechanism until the host’s SYN queue fills up. An
attacker sending spoofing traffic at a low rate may avoid triggering the SYN
cookie mechanism. Administrators may be able to forcibly enable SYN cookies
for all connections, but should be aware of the side effects