On Sat, 23 Dec 2023, David Christensen wrote:
Sending a RST to a falsified IP address would make the sending host into an attacker by proxy. Why do you suggest it?
Because the OP wants it to stop. And the OP is running a server on this port that is clearly not responding properly or we'd at least see the syn+ack. Perhaps it cannot keep up with the connections. So the op needs to tell the problem clients to stop retrying. If it's malicious traffic then there's nothing the op can do to stop it except get a new ip or get their ISP to drop it before it gets to them. The op can try icmp port unreachable too. But that tells the client there's no server, rather than there's a tcp problem. If it's not a bandwidth problem then the op should just ignore it. Nobody, but nobody is going to send traffic to some random host with a fake source ip in the hopes someone will notice and start sending RST some tine later to that address instead of continuing to drop it.
