It sounds like what you are looking to do is to test how the web server reacts to various flavors of Denial of Service attacks.

Something to consider is what is the Denial of Service logic in the web server and how is Denial of Service protection typically implemented in web servers. For instance is there logic to cap the number of concurrent connections or the number of concurrent connections from the same IP or to monitor the amount of traffic so as to throttle it or to disconnect if the amount of traffic exceeds some threshold.

One thing to consider is to not just push lots of bytes through the TCP/IP socket. The web server is interpreting the bytes and is expecting the HTTP protocol to be used. So what happens if you do strange and unusual things with the HTTP protocol as well as other protocols that are built onto HTTP.

For options 3 and 4 it sounds like you are considering bypassing the TCP/IP stack with its windowing logic and to just send a stream of TCP protocol packets ignoring reply packets until something smokes. This would be more of a test of the TCP stack robustness on the server rather than the robustness of the web server itself.