It's someone attempting to fill up the RAM on the servers by initiating partially formed requests. Unlike a DDoS attack it only requires a few low bandwidth requests vs lots of high bandwidth pings.
Think of it like answering the phone, if someone kept calling and you had to answer every time but there was no one on the other end. Harmless, but it takes up lots of time and you can't get anything else done.
We'll just put CloudFlare in a heightened state of alert for a few days which is very effective at mitigating this type of attack.
Our servers are behind 3 layers of DDoS protection and thus immune to all but the largest attacks. However, they don't have unlimited RAM, so that's a valid (and smart) way to get our attention.