tcp synfloods


with us since we have tcp

attacker sends initial SYN only
never follows up
doesn't need to see replies - can spoof the address
very hard to track the origin down

attacked host needs to allocate ressources
eventually a DoS

affects tcp servers - and stateful firewalls