What type of attack interrupts the TCP three-way handshake and results in half-open connections?

Study for the Systems Security Certified Practitioner Exam. Prepare with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

In the context of network security, a SYN Flooding attack specifically targets the TCP three-way handshake process, which is essential for establishing a connection between a client and a server. During this handshake, the client sends a SYN (synchronize) packet to initiate a connection, the server responds with a SYN-ACK (synchronize-acknowledge) packet, and finally, the client sends an ACK (acknowledge) packet back to complete the connection.

In a SYN Flooding attack, an attacker sends a large number of SYN requests to the target server, often using spoofed IP addresses to avoid detection. The server, in response, allocates resources and sends SYN-ACK packets back to where it thinks the request originated. However, since the IP addresses are spoofed and do not actually belong to the attacker, the server does not receive the final ACK to complete the connection. This leaves the server with half-open connections, consuming resources and potentially leading to a denial-of-service situation as it becomes overwhelmed by these incomplete connections.

In summary, SYN Flooding is the correct choice because it directly exploits the TCP three-way handshake mechanism to create half-open connections, thereby disrupting normal network operations.
