To a server that requires an exchange of a sequence of messages. The clientsystem begins by sending a SYN message to the server. The server thenacknowledges the SYN message by sending a SYN-ACK message to the client. Theclient then finishes establishing the connection by responding with an ACKmessage and then data can be exchanged. At the point where the server systemhas sent an acknowledgment (SYN-ACK) back to client but has not yet receivedthe ACK message, there is a half-open connection. A data structuredescribing all pending connections is in memory of the server that can bemade to overflow by intentionally creating too many partially openconnections. Another common attack is the SYN flood, in which a target machine isflooded with TCP connection requests. The source addresses and source TCP ports of the connection request packets are randomized; the purpose is to force the target host to maintain state information for many connections that will never be completed. SYN flood attacks are usually noticed because the target host (frequently an HTTP or SMTP server) becomes extremely slow, crashes, or hangs. It's also possible for the traffic returned from the target host to cause trouble on routers; because this return traffic goes to the randomized source addresses of the original packets, it lacks the locality properties of "real" IP traffic, and may overflow route caches. On Cisco routers, this problem often manifests itself in the router running out of memory.