Attacker creates a random source address for each packet SYN flag set in each packet is a request to open a new connection to the server from the spoofed IP addressVictim responds to spoofed IP address, then waits for confirmation that never arrives (timeout wait is about 3 minutes)Victim's connection table fills up waiting for replies and ignores new connections Legitimate users are ignored and will not be able to access the serverHow do you protect your network against SYN Flood attacks?