Actually, "malicious" can mean denial of service in the context of socket connections. accept()ing a connection takes up far more system resources (and bandwidth) than dropping the connection on listen()-- before a TCP handshake is done. In fact,
FreeBSD has a kernel extension for HTTP servers that blindly accept in this fashion.
Sidenote: after further investigation (by Collective), it actually *is* possible using the Winsock API to get the remote ip/port before calling accept() (technically,
WSAAccept). There might be a POSIX way to do this too, but it seems to have drawbacks. You can read about them in the WSAAccept MSDN article.