Sockstress is a denial of service attack that consumes server resources by opening many TCP connections. It was introduced in 2008 and targets vulnerabilities in how TCP handles connections. While tools exist to detect and prevent Sockstress, it remains a potential threat. The attack can be performed by one machine or multiple zombies to mask the source. Defenses include limiting connections per IP and dropping those with zero window responses. Monitoring server resources like RAM usage can also help detect Sockstress attacks. Penetration testing is needed to identify vulnerabilities like this and prove due diligence for organizations.