TCP Cookie Transactions (TCPCT) is specified in RFC 6013 (historic status, formerly experimental) as an extension of Transmission Control Protocol (TCP) intended to secure it against denial-of-service attacks, such as resource exhaustion by SYN flooding and malicious connection termination by third parties.
[1] Unlike the original SYN cookies approach,[2] TCPCT does not conflict with other TCP extensions, but requires TCPCT support in the client (initiator) as well as the server (responder) TCP stack.
[4][5] Thus DNSSEC-enabled requests create a large number of short-lived TCP connections.
Additionally, TCPCT allows the server to release memory immediately after the connection closes, while it persists in the TIME-WAIT state.
[3] TCPCT support was partly merged into the Linux kernel in December 2009,[7][8] but was removed in May 2013 because it was never fully implemented and had a performance cost.