A Distributed Denial-of-Service (DDoS) attack by a TCP stateless hog is
defeated with use of an enhancement to the keep-alive mechanism provided
by RFC 1122. A TCP server receives a new TCP connection request from a
possible attacker and sends a keep-alive probe packet back thereto using
an "invalid" sequence number. Illustratively, this "invalid" sequence
number comprises a random number selected to be reasonably distant from
the actual current sequence number. When a responsive packet is received
from the potential attacker, the TCP server verifies the accuracy of the
acknowledgement number in the received packet, thereby determining
whether the potential attacker may be a TCP stateless hog.