What is Connection Flooding?
A connection flood, commonly referred to as a TCP connection flood, is whereby an attacker seeks to exhaust available TCP connection slots on a server.
Malicious client(s) are set up to incessantly request new TCP connections, with or without proceeding with further requests over established connections, until the server is saturated and unable to serve legitimate clients new TCP connections. This is a form of Distributed Denial of Service attack. Network traffic restrictions such as limiting connection rates and the number of open connections per client/IP can help to mitigate the effect of this type of DDoS attack. A load balancer or application delivery controller can be configured to track such metrics as connection rates and the number of open connections, among others, per client. This record can then be used to selectively and dynamically decide on actions to take upon further connection requests and data transmission from each client.