Defenses Against TCP SYN Flooding Attacks (2006)

If attackers rapidly send SYN segments without spoofing their IP source address, we call this a direct attack. When detected, this type of attack is very easy to defend against, because a simple firewall rule to block packets with the attacker’s source IP address is all that is needed. Another form of SYN flooding attacks uses IP address spoofing, which might be considered more complex than the method used in a direct attack, in that instead of merely manipulating local firewall rules, the attacker also needs to be able to form and inject raw IP packets with valid IP and TCP headers.

Source: www.cisco.com