A type of denial of service attack in which the attacker sends a number of connection requests to the very small buffer space that exists to handle the usually rapid hand-shaking exchange of messages that sets up the session, and then fails to respond to the reply. This leaves the first packet in the buffer so that other, legitimate connection requests can't be accommodated. Although the packet in the buffer is dropped after a certain period of time without a reply, the effect of many of these bogus connection requests is to make it difficult for legitimate requests for a session to get established. In general, this problem depends on the operating system providing correct settings or allowing the network administrator to tune the size of the buffer and the timeout period.

See also: buffer overflow attack, teardrop attack, smurf attack