In a SYN Flood Attack an attacker sends SYN packets at a high rate to a server without every completing the third handshake (the final client to server ACK the finalizes a connection). The server allocates resources (to store connection state information) for each received SYN and exhausts it connection resources preventing valid connections from being made. The SYN cookie approach (RFC 4987) is an effective defense against SYN Flood Attacks because the server does not need to allocate resources on a received SYN. For the standard TCP handshake (i.e., not using SYN cookies), exactly what state must be stored on the receipt of a SYN