syncookies


upon reception of the first ACK, we can recalculate our ISN

MSS can be extracted

addresses and ports are in every packet

secret is known

verify the ACK is in response to our SYNACK
it must ack our ISN