A method for improving the resistance of network protocols that run over
the Transmission Control Protocol (TCP), such as BGP. For example, a method
comprises receiving, from a TCP application, a request to ignore all TCP
segments with an RST bit set, except for solicited RST segments;
establishing a filter that blocks all but solicited TCP RST segments;
receiving a TCP segment with a SYN bit set and a sequence number value
within an allowed window for a TCP connection matching the received
segment, and for a session of the TCP application; re-configuring the
filter to allow TCP RST segments for the connection associated with the
received segment; requesting the TCP application to initiate an event
that will induce a legitimate sender of the received segment to send a
valid TCP RST segment in response; and closing the connection only when a
TCP RST segment is received in response.
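
The steps above can be modeled as a small per-connection state machine. The following Python sketch is an added example, not code from the original document; the class, method and return-value names are hypothetical, the 4-tuple and sequence numbers are constructed, and treating a "valid" RST as one whose sequence number is in the receive window is an assumption.

```python
from dataclasses import dataclass

@dataclass
class Conn:
    rcv_nxt: int                # next expected sequence number
    rcv_wnd: int                # receive window size
    rst_filter: str = "block"   # "block" = drop every RST, "allow" = RST solicited
    state: str = "ESTABLISHED"

def in_window(conn, seq):
    # Sequence-space comparison modulo 2**32, so wraparound is handled.
    return ((seq - conn.rcv_nxt) & 0xFFFFFFFF) < conn.rcv_wnd

class RstFilteringStack:
    def __init__(self, induce_event):
        self.conns = {}
        self.induce_event = induce_event   # callback into the TCP application

    def request_rst_filter(self, key, rcv_nxt, rcv_wnd):
        # Application request: ignore all RST segments except solicited ones.
        self.conns[key] = Conn(rcv_nxt, rcv_wnd)

    def on_segment(self, key, flags, seq):
        conn = self.conns.get(key)
        if conn is None or conn.state == "CLOSED":
            return "no-connection"
        if "RST" in flags:
            if conn.rst_filter == "block":
                return "rst-dropped"       # unsolicited: the filter blocks it
            if not in_window(conn, seq):
                return "rst-dropped"       # assumption: "valid" means in-window
            conn.state = "CLOSED"          # the only path that closes the connection
            return "closed"
        if "SYN" in flags and in_window(conn, seq):
            conn.rst_filter = "allow"      # re-configure the filter for this connection
            self.induce_event(key)         # application initiates the RST-inducing event
            return "rst-solicited"
        return "passed"

def demo():
    induced = []
    stack = RstFilteringStack(induced.append)
    key = ("192.0.2.1", 179, "192.0.2.2", 40000)    # constructed 4-tuple
    stack.request_rst_filter(key, rcv_nxt=0xFFFFFF00, rcv_wnd=4096)
    results = [
        stack.on_segment(key, {"RST"}, 0xFFFFFF10),  # unsolicited RST, in window
        stack.on_segment(key, {"SYN"}, 0x50000000),  # SYN outside the window
        stack.on_segment(key, {"SYN"}, 0x00000020),  # SYN in window (after wraparound)
        stack.on_segment(key, {"RST"}, 0x00000020),  # RST received in response
    ]
    return results, induced, stack.conns[key].state
```

Note that an in-window SYN by itself never closes the connection in this model; it only opens the filter and triggers the application event.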