Simon Spero writes: > This ensures that there's at least a traceable return address for the > connection. Sort of like photuris cookies but without the forced RTT delay Not really. The genius of the Photuris cookie is that it induces no state at all in the responder, thanks to crypto tricks. I agree, though, that you can harden hosts against TCP floods. Perry