diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index 6a9a4635cee..d17b46d1303 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@@ -85,7 +85,6 @@
 #include <netinet/ip.h>
 #include <netinet/ip_icmp.h>
 #include <netinet/ip_var.h>
-#include <netinet/icmp_var.h>
 #ifdef INET6
 #include <netinet/icmp6.h>
 #include <netinet/ip6.h>
@@ -2231,13 +2230,6 @@ tcp_send_challenge_ack(struct tcpcb *tp, struct tcphdr *th, struct mbuf *m)
 	sbintime_t now;
 	bool send_challenge_ack;
 
-	/*
-	 * The sending of a challenge ACK could be triggered by a blind attacker
-	 * to detect an existing TCP connection. To mitigate that, increment
-	 * also the global counter which would be incremented if the attacker
-	 * would have guessed wrongly.
-	 */
-	(void)badport_bandlim(BANDLIM_TCP_RST);
 	if (V_tcp_ack_war_time_window == 0 || V_tcp_ack_war_cnt == 0) {
 		/* ACK war protection is disabled. */
 		send_challenge_ack = true;