A TCP SYN flood is a common attack used by cyber criminals. The attacker generates many TCP SYN packets from non-existent (spoofed) senders, which causes the server to waste CPU and memory resources waiting for the next packet of the half-open TCP connection associated with each of those TCP SYN packets. This consumption of resources eventually exhausts the server and causes a denial of service.
Several implementations exist today to protect against a TCP SYN flood attack in a network security gateway. Typical TCP SYN flood protection has two parts: verification of the sender of the TCP SYN packet that initiates a TCP connection, and data forwarding between the sender and the destination server over that TCP connection. A common way to verify the sender is a SYN cookie. With a SYN cookie, after the security gateway receives an initial TCP SYN packet, it uses a cryptographic function to compute the TCP sequence number it places in the TCP SYN+ACK packet sent in response to that SYN; no per-connection state needs to be kept. When the security gateway receives the reply, it verifies the acknowledgement number of the TCP ACK packet against the value the cryptographic function produces for that sender, to determine whether the packet comes from a legitimate sender. Once the sender is verified, the security gateway initiates a separate connection to the destination server, completes the TCP three-way handshake with it, and then starts forwarding traffic between the sender and the destination server. Traditionally, both verification and data forwarding are done in the same security gateway, either in one network appliance or in one chassis with multiple blades, so scalability is limited by the memory and CPU resources of that one gateway.
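The SYN-cookie exchange described above, as an added example that is not part of the original text: the gateway derives the SYN+ACK sequence number from a keyed hash over the connection 4-tuple, the client's initial sequence number and a coarse time slot, and later verifies the client's ACK without having stored anything per SYN. The secret, the 64-second slot width and the 8-bit slot / 24-bit MAC layout are assumptions chosen for illustration.

```python
import hmac
import hashlib
import struct
import time

# Constructed example: stateless SYN-cookie generation and verification of the
# kind a gateway performs. The secret, slot width and bit layout are assumptions.
SECRET = b"constructed-example-secret-rotate-in-production"
SLOT_SECONDS = 64          # a cookie is accepted in the current and previous slot


def _mac24(tuple4, client_isn, slot):
    """24-bit HMAC over the connection 4-tuple, client ISN and time slot."""
    src_ip, src_port, dst_ip, dst_port = tuple4
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}".encode()
    msg += struct.pack("!IB", client_isn & 0xFFFFFFFF, slot & 0xFF)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]


def make_cookie(tuple4, client_isn, now=None):
    """ISN for the SYN+ACK: top 8 bits = time slot, low 24 bits = MAC.
    Nothing is stored; everything needed to verify is inside the cookie."""
    slot = int(now if now is not None else time.time()) // SLOT_SECONDS
    mac = int.from_bytes(_mac24(tuple4, client_isn, slot), "big")
    return ((slot & 0xFF) << 24) | mac


def verify_ack(tuple4, ack_seq, ack_ack, now=None):
    """Check the client's final ACK. Its sequence number is client ISN + 1 and
    its acknowledgement number is our cookie + 1, so the cookie can be
    recomputed from the packet alone. Returns True for a legitimate sender."""
    client_isn = (ack_seq - 1) & 0xFFFFFFFF
    cookie = (ack_ack - 1) & 0xFFFFFFFF
    slot_byte = cookie >> 24
    cur_slot = int(now if now is not None else time.time()) // SLOT_SECONDS
    # Accept only the current or the immediately preceding slot (mod 256),
    # which bounds how long a captured cookie stays replayable.
    if slot_byte not in ((cur_slot & 0xFF), ((cur_slot - 1) & 0xFF)):
        return False
    slot = cur_slot if slot_byte == (cur_slot & 0xFF) else cur_slot - 1
    expected = _mac24(tuple4, client_isn, slot)
    got = (cookie & 0xFFFFFF).to_bytes(3, "big")
    return hmac.compare_digest(expected, got)
```

A forged ACK from a spoofed source fails the MAC check and is dropped before any backend connection is opened, which is what keeps the gateway's own memory flat under a flood.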
Even so, a large volume of TCP SYN flood packets can still overwhelm the protection mechanism of a single network security gateway. A single network security gateway, whether implemented as one appliance or as multiple blades in a chassis, does not have the scalability to protect against a large amount of attack traffic.