What type of attack involves flooding a victim with SYN packets to exhaust half-open TCP connections?

TCP connections are established through a three-way handshake: the client sends a SYN, the server replies with SYN-ACK, and the client completes with an ACK. In a SYN flood, an attacker floods the server with SYN packets, prompting the server to respond with SYN-ACK and wait for the final ACK. Since the attacker never completes the handshake, those connections stay half-open and occupy entries in the server’s backlog, consuming resources and preventing legitimate clients from establishing new connections. This is the classic mechanism by which a SYN flood exhausts a target’s TCP connection resources. The other floods target different layers or protocols (ICMP in a ping flood, UDP at the transport layer, or HTTP at the application layer) and don’t exploit the TCP half-open-state in the same way.