TCP SynCookie

Which must be the worst explanation I’ve ever seen.

From Troubleshooting Linux Firewalls (Shinn, 2005):

To help prevent SYN flood attacks, the 2.4 and 2.6 kernels, if compiled with this option, have the ability to send out what are referred to as “SYN cookies”. These are basically ACK packets that contain a little cryptographic hash, which the responding client will echo back as part of its SYN-ACK packet. If the kernel doesn’t see this “cookie” in the reply packet, it will assume the connection is bogus and drop it. The kernel will only send SYN cookies if the SYN socket buffer is backlogged.

Which is a little clearer.

Regards

Andrew
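For readers who want the mechanism rather than the prose, here is a worked model of the classic SYN cookie scheme as an added example; it is not code from the post above, from Shinn's book, or from the Linux kernel. The real exchange is: the server puts the cookie in the initial sequence number of its SYN-ACK, stores nothing, and the client's final ACK carries cookie+1 as its acknowledgement number, which is what the server validates. The cookie is built the way the Bernstein/Linux design does it (a keyed hash of the 4-tuple, the client's sequence number, a coarse time counter in the top byte, and a small MSS index hidden in the low 24 bits), but the hash function, secrets, MSS table, counter period and class/function names here are this example's own assumptions, not the kernel's.

```python
import hashlib
import hmac
import struct

# Constructed parameters for this model. Linux uses its own hash (SipHash in
# current kernels) and constants; the structure of the cookie is what matters here.
MSS_TABLE = (536, 1300, 1440, 1460)   # MSS values encodable in the cookie (index < 4)
COUNTER_PERIOD = 60                   # seconds per counter tick ("minute counter")
MAX_COOKIE_AGE = 1                    # accept cookies from the current or previous tick


def _h(secret, saddr, daddr, sport, dport, count):
    """Keyed 32-bit hash over the 4-tuple and a counter value (assumed construction)."""
    msg = saddr.encode() + b"|" + daddr.encode() + struct.pack("!HHI", sport, dport, count)
    return struct.unpack("!I", hmac.new(secret, msg, hashlib.sha256).digest()[:4])[0]


def mss_to_index(mss):
    """Index of the largest table entry not exceeding the client's advertised MSS."""
    idx = 0
    for i, v in enumerate(MSS_TABLE):
        if v <= mss:
            idx = i
    return idx


class SynCookieServer:
    """The listening side. Keeps no per-connection state between SYN and ACK."""

    def __init__(self, secret1, secret2, clock):
        self.secret1 = secret1
        self.secret2 = secret2
        self.clock = clock            # callable returning seconds; injected for determinism

    def _count(self):
        return int(self.clock()) // COUNTER_PERIOD

    def make_cookie(self, saddr, daddr, sport, dport, client_seq, client_mss):
        """Return the ISN to send in the SYN-ACK; the cookie *is* that ISN."""
        count = self._count()
        low = (_h(self.secret2, saddr, daddr, sport, dport, count)
               + mss_to_index(client_mss)) & 0xFFFFFF
        return (_h(self.secret1, saddr, daddr, sport, dport, 0)
                + client_seq + (count << 24) + low) & 0xFFFFFFFF

    def check_cookie(self, saddr, daddr, sport, dport, client_seq, ack):
        """Validate the final ACK of the handshake. Returns the recovered MSS, or None."""
        cookie = (ack - 1) & 0xFFFFFFFF                    # client acked ISN+1
        diff = (cookie - _h(self.secret1, saddr, daddr, sport, dport, 0)
                - client_seq) & 0xFFFFFFFF
        count_low = diff >> 24                             # low 8 bits of the counter
        now = self._count()
        age = (now - count_low) & 0xFF
        if age > MAX_COOKIE_AGE:
            return None                                    # stale or fabricated counter
        full_count = now - age                             # rebuild the full counter value
        idx = ((diff & 0xFFFFFF)
               - _h(self.secret2, saddr, daddr, sport, dport, full_count)) & 0xFFFFFF
        if idx >= len(MSS_TABLE):
            return None                                    # hash mismatch: forged or wrong 4-tuple
        return MSS_TABLE[idx]


def handshake(server, saddr, daddr, sport, dport, client_seq, client_mss):
    """Both sides of the exchange: SYN -> SYN-ACK(ISN=cookie) -> ACK(ack=cookie+1)."""
    synack_isn = server.make_cookie(saddr, daddr, sport, dport, client_seq, client_mss)
    # An ordinary client never knows it received a cookie; it simply acks the ISN it saw.
    ack_seq = (synack_isn + 1) & 0xFFFFFFFF
    return server.check_cookie(saddr, daddr, sport, dport, client_seq, ack_seq)


if __name__ == "__main__":
    clock = {"t": 1_000_000}                               # constructed clock, not time.time()
    srv = SynCookieServer(b"secret-one", b"secret-two", lambda: clock["t"])
    print("legit handshake, MSS recovered:",
          handshake(srv, "10.0.0.5", "10.0.0.1", 40000, 80, 12345, 1460))
    isn = srv.make_cookie("10.0.0.5", "10.0.0.1", 40000, 80, 12345, 1460)
    clock["t"] += 3 * COUNTER_PERIOD
    print("same ACK three ticks later:",
          srv.check_cookie("10.0.0.5", "10.0.0.1", 40000, 80, 12345, (isn + 1) & 0xFFFFFFFF))
```

The two checks in `check_cookie` are the whole defence: a flooder sending SYNs alone never completes a cookie-bearing handshake and costs the server no memory, while an attacker who wants to complete one must produce an ACK whose number passes both the counter window and the 24-bit hash, which requires either the secrets or a guess that succeeds with probability roughly 4/2^24 per attempt. The price is the usual one: options the server could not encode (window scaling, SACK) are lost on cookie-validated connections unless the client's timestamp trick is used.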