A type of
denial of service attack in which the attacker sends a number of
connection requests to the very small
buffer space that exists to handle the usually rapid
hand-shaking exchange of messages that sets up the
session, and then fails to respond to the reply. This leaves the first
packet in the
buffer so that other, legitimate
connection requests can't be accommodated. Although the
packet in the
buffer is dropped after a certain period of time without a reply, the effect of many of these bogus
connection requests is to make it difficult for legitimate requests for a
session to get established. In general, this problem depends on the
operating system providing correct settings or allowing the
network administrator to tune the size of the
buffer and the
timeout period.
See also: buffer overflow attack, teardrop attack, smurf attack