Great idea...
Internet isn't slow enough yet, so let's force clients to time out and retry their connections.
What if all you had to do to block SYN-based denial-of-service attacks was drop the first incoming SYN packet? That intriguing idea was put forward this week, in this Internet-Draft. SYN floods are a basic “cheap and cheerful” DDoS – an attacker with a botnet handy gets the machines to send TCP SYN messages (these are the …
Not very well, in other words: too many crap network stacks out there which would fail, never mind that it working properly looks like it's broken to end users, except here it would be much more subtle than a missing expected email and would manifest as security gates failing open or closed etc., due to aforementioned crap network stacks.