Which attack exploits the three-way TCP handshake?

Prepare for the Security Plus Exam with our comprehensive quiz, complete with multiple choice questions and in-depth explanations. Enhance your knowledge and confidence before test day!

The SYN Flood attack specifically exploits the three-way TCP handshake, which is a fundamental part of how TCP (Transmission Control Protocol) establishes a connection between a client and a server.

During the normal operation of the three-way handshake, a client sends a SYN (synchronize) packet to the server to initiate a connection. The server then responds with a SYN-ACK (synchronize-acknowledge) packet, and finally, the client sends back an ACK (acknowledge) packet to establish the connection.

In a SYN Flood attack, an attacker sends a barrage of SYN requests to the target server, often using spoofed IP addresses so that the server cannot respond correctly. The server attempts to continue the handshake by sending SYN-ACK responses back to these spoofed addresses, but the handshakes are never completed because the sender does not exist or cannot complete the handshake. The server exhausts its resources by allocating memory for each pending connection and waiting for a final ACK that will never arrive, resulting in denial of service as legitimate users are unable to establish connections.

Unlike other attack types, such as Man-in-the-Middle or XSS (Cross-Site Scripting), which involve different traffic interception or exploitation techniques, the SYN Flood is directly targeting
