synfloods


attack is cheap to do, no need to track anything

with spoofed src address, attacker not bothered with the replies

very few ressources enough to DoS even big servers/firewalls

hard to distinguish from legitimate traffic
if done well, which fortunately is rare in practice