The Linux kernel's tcp_v4_syn_recv() implements exactly this state machine, and SYN flood attacks work by exploiting the half-open SYN_RECEIVED state you track here — which is also why Linux ships SYN cookies as a defense. Kevin Mitnick's famous 1994 attack against Tsutomu Shimomura relied on predicting the ISN this task has you compute.