1084Predefined user rolesnetwork-adminParametersthreshold-value: Specifies the threshold value. The value range is 1 to 1000000 in units of SYN-ACKpackets sent to an IP address per second.Usage guidelinesThe global threshold applies to global SYN-ACK flood attack detection. Adjust the thresholdaccording to the application scenarios. If the number of SYN-ACK packets sent to a protected server,such as an HTTP or FTP server, is normally large, set a large threshold. A small threshold mightaffect the server services. For a network that is unstable or susceptible to attacks, set a smallthreshold.With global SYN-ACK flood attack detection configured, the device is in attack detection state. Whenthe sending rate of SYN-ACK packets to an IP address reaches the threshold, the device entersprevention state and takes the specified actions. When the rate is below the silence threshold(three-fourths of the threshold), the device returns to the attack detection state.Examples# Set the global threshold to 100 for triggering SYN-ACK flood attack prevention in the attackdefense policy atk-policy-1. system-view[Sysname] attack-defense policy atk-policy-1[Sysname-attack-defense-policy-atk-policy-1] syn-ack-flood threshold 100Related commandssyn-ack-flood actionsyn-ack-flood detectsyn-ack-flood detect non-specificsyn-flood actionUse syn-flood action to specify global actions against SYN flood attacks.Use undo syn-flood action to restore the default.Syntaxsyn-flood action { client-verify | drop | logging } *undo syn-flood actionDefaultNo global action is specified for SYN flood attacks.ViewsAttack defense policy viewPredefined user rolesnetwork-adminParametersclient-verify: Adds the victim IP addresses to the protected IP list for TCP client verification. If TCPclient verification is enabled, the device provides proxy services for protected servers.drop: Drops subsequent SYN packets destined for the victim IP addresses.