TCP Connections Without State

How to detect “established” TCP connections without keeping state?
- Established connections have ACK flag set
“Established” keyword in many stateless firewalls allows incoming packets if ACK flag set
- Can be exploited by faking packets with ACK flag set

How to detect “established” TCP connections without keeping state?