Why is Fantaip required in the Sockstress "Low and Slow DoS Attack"?

Question

I was going through "Low and Slow DoS Attack" and one of the examples which was listed was Sockstress. I was referring the wikipedia link for the same which is given as below: http://en.wikipedia.org/wiki/Sockstress. In this link I understood the overall logic but I could not understand why the Fantaip command was used. Why cant we perform the attack by just using the Sockstress command? Any inputs will be appreciated.

Answer 1

Sockstress requires a successful TCP 3 way handshake to effectively fill the victims connection tables. This limits the attack's effectiveness as an attacker cannot spoof the client IP address to avoid traceability, but with Fantaip you can spoof your IP addresses that are not really in use by the attacking system. This makes the attack more effective, and also protects the attacking machine from the effects of the attack.