in reply to Re: Perl and advanced networking question...
in thread Perl and advanced networking question...

Does any one of you guys have a good example of a socket module sending FIN or RST as mentioned in the thread? Thank you guys for all the responses!!!

Re^3: Perl and advanced networking question...
by zwon (Abbot) on Jan 29, 2009 at 19:17 UTC

    Not so good, but here it is:

    use strict;
    use warnings;
    use Net::RawIP;

    # Build a TCP segment with the RST flag set
    my $n = Net::RawIP->new(
        {
            ip => {
                saddr => '192.168.1.33',
                daddr => '192.168.1.1',
            },
            tcp => {
                source => 80,
                dest   => 22222,
                seq    => 12345,
                rst    => 1,
            },
        }
    );

    # Send at the IP layer
    $n->send;

    # Send the same packet as an Ethernet frame on wlan0
    $n->ethnew("wlan0");
    $n->ethset(
        source => '00:11:22:33:44:55',
        dest   => '00:12:23:34:45:56'
    );
    $n->ethsend;
Re^3: Perl and advanced networking question...
by gone2015 (Deacon) on Jan 29, 2009 at 23:16 UTC

    As brother zwon has indicated above, the Net::RawIP module (and all its many friends) allows you to drive libpcap -- which appears to be pretty comprehensive...

    I think your best bet is to send a RST in both directions -- telling your server, as soon as possible, to give up and telling the client to "go away". I guess you're then going to keep a look out for the "evil" IP address and bounce all further TCP open requests?

    You'll have to concentrate on the sequence numbers, and getting your RST packets in promptly -- I seem to remember that stacks will accept RST even if the sequence number is not exactly as expected... but I cannot remember the range of this tolerance.

    On some systems you can open a raw socket: socket $ETH, PF_INET, SOCK_RAW, IPPROTO_RAW (where IPPROTO_RAW is 255). This socket can be used for output only. You can then send entire IP packets (complete with IP header) via the socket. The socket will fill in these IP header fields: (a) checksum; (b) source address, if zero; (c) packet id, if zero; and (d) total length. The socket will then send out the packet as per the destination address. If your system supports it, you may or may not find this easier than getting to grips with Net::RawIP et al.

    The enclosed code certainly sends packets as required from my Linux box. YMMV. To do what you want requires picking apart the IP and TCP headers of your "evil" packet, and munging up suitable RST packets to send.
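
On the sequence-number tolerance raised in the reply above: RFC 793 lets a receiver act on a RST whose sequence number falls anywhere inside its receive window, while RFC 5961 (section 3.2) resets only on an exact match with RCV.NXT and answers other in-window RSTs with a challenge ACK. The following is an added example, not code from the thread; the function names and sample values are constructed, and it assumes a Perl built with 64-bit integers.

```perl
use strict;
use warnings;

# Added example: how a TCP receiver in a synchronized state judges an
# incoming RST. Function names and sample numbers are constructed.
# Assumes a Perl with 64-bit integers so the subtraction stays exact.

# Distance from $base forward to $seq in 32-bit sequence space (0 .. 2**32-1).
sub seq_offset {
    my ($seq, $base) = @_;
    return ($seq - $base) & 0xFFFFFFFF;
}

# Returns 'reset', 'challenge_ack' or 'discard'.
# $rfc5961 true  => exact match required (RFC 5961 section 3.2)
# $rfc5961 false => original RFC 793 rule: any in-window RST resets
sub classify_rst {
    my ($seg_seq, $rcv_nxt, $rcv_wnd, $rfc5961) = @_;
    my $off = seq_offset($seg_seq, $rcv_nxt);

    return 'reset'   if $off == 0;           # SEG.SEQ == RCV.NXT
    return 'discard' if $off >= $rcv_wnd;    # outside the receive window
    return $rfc5961 ? 'challenge_ack' : 'reset';
}

# Constructed receiver state close to the 32-bit wrap point.
my ($rcv_nxt, $rcv_wnd) = (0xFFFFFF00, 65535);

my @samples = (
    [ 'exact RCV.NXT',          0xFFFFFF00 ],
    [ 'in window, before wrap', 0xFFFFFF80 ],
    [ 'in window, after wrap',  0x00000010 ],
    [ 'just past window',       ($rcv_nxt + $rcv_wnd) & 0xFFFFFFFF ],
    [ 'old data (behind NXT)',  0xFFFFFE00 ],
);

printf "%-26s %-10s %-14s %s\n", 'segment', 'SEG.SEQ', 'RFC 5961', 'RFC 793';
for my $s (@samples) {
    my ($label, $seq) = @$s;
    printf "%-26s %08X   %-14s %s\n", $label, $seq,
        classify_rst($seq, $rcv_nxt, $rcv_wnd, 1),
        classify_rst($seq, $rcv_nxt, $rcv_wnd, 0);
}
```

The two in-window rows are where the rules differ: RFC 793 resets the connection, RFC 5961 keeps it and sends a challenge ACK.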