It is to take the advantage of the synchronization feature SYN of TCP. In the SYN operation, TCP on the client sends a SYN (synchronize start) packet to TCP on the server. Then TCP on the server responds with a SYN ACK (synchronize acknowledge). Finally TCP on the client completes the handshake by sending an ACK (acknowledge) packet to the destination server. Then the two computers may start to transmit data.When a computer sends the initial SYN packet to the server with false IP address, the server responds to send the packet and waits for a response until the pending connection time elapses. Similarly, the server is flooded with hundreds false SYN packets at short time. Then the server cannot deal with such many requests and the buffer of pending connections fills. The other legitimate users cannot access the server because of the congestion. The hackers always use the unsuspecting server with weak security to initiate their DoS attacks.
The Ping command helps to debug the network problems originally. The ICMP flooding is also called Ping flooding that the host is flooded with Ping requests. When it tries to respond to the requests, it gets bogged down and cannot function. The hacker often uses the Ping protocol to send a packet that is larger than standard 64 bytes, it leads the host completely shut down when hits with the Ping of Death.
The Mail flooding is that the e-mail server receives numerous huge e-mail messages from hackers. Then it runs out of disk space and causes the system to crash.Spam is another form of mail flooding. The spam e-mail messages with a variety of products advertisement are sent to e-mail servers especially free e-mail systems.