diff --git a/README.md b/README.md index 779a3a0..feef801 100644 --- a/README.md +++ b/README.md @@ -32,4 +32,19 @@ sequenceDiagram Server-->>Client: SYN-ACK Note left of Client: Client receives SYN-ACK Client->>Server: ACK - Note right of Server: Connection established (and save the IP for auto whitelist) \ No newline at end of file + Note right of Server: Connection established + +# TCP 3-Way Handshake with Mitigation + +```mermaid +sequenceDiagram + participant Client + participant Server + + Client->>Server: SYN (seq = x) + Note right of Server: Server receives SYN, generates SYN cookie
Cookie = hash(source IP, source port, dest IP, dest port, seq, timestamp) + Server-->>Client: SYN-ACK (seq = y, ack = x+1, cookie in seq) + Note left of Client: Client receives SYN-ACK + Client->>Server: ACK (seq = x+1, ack = y+1) + Note right of Server: Server validates cookie
If valid, reconstructs state and establishes connection + Note right of Server: Connection established \ No newline at end of file
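Review bot: The cookie formula in the new Note, "Cookie = hash(source IP, source port, dest IP, dest port, seq, timestamp)", lists no server-side secret among its inputs, so as documented every input is known to whoever sends the SYN and a valid cookie could be computed without ever receiving the SYN-ACK. Suggest documenting it as a keyed hash, for example "Cookie = hash(secret, source IP, source port, dest IP, dest port, seq, timestamp)", and noting that the timestamp is a coarse counter the server can reproduce when the ACK arrives. The "Server validates cookie" Note should say that the server recomputes the cookie from the ACK (ack - 1) instead of looking it up, since no state is kept between the SYN-ACK and the ACK. "seq = y, ack = x+1, cookie in seq" would read more clearly as "seq = y, where y is the cookie". Separately, the first diagram's note drops "(and save the IP for auto whitelist)": if that behaviour still exists it should stay documented, and if it was removed the commit message should say so. The file also still ends without a trailing newline.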