61• With protection against Naptha attack enabled, the device periodically checks and records the number of TCPconnections in each state.• With protection against Naptha attack enabled, if the device detects that the number of TCP connections in astate exceeds the maximum number, the device considers that as Naptha attacks and accelerates the aging ofthese TCP connections. The device does not stop accelerating the aging of TCP connections until the number ofTCP connections in the state is less than 80% of the maximum number.Configuring TCP optional parametersTCP optional parameters that can be configured include:• synwait timer: When sending a SYN packet, TCP starts the synwait timer. If no response packet isreceived within the synwait timer interval, the TCP connection cannot be created.• finwait timer: When a TCP connection is changed into FIN_WAIT_2 state, the finwait timer isstarted. If no FIN packets is received within the timer interval, the TCP connection will be terminated.If a FIN packet is received, the TCP connection state changes to TIME_WAIT. If a non-FIN packet isreceived, the system restarts the timer upon receiving the last non-FIN packet. The connection isbroken after the timer expires.• Size of TCP receive/send bufferTo configure TCP optional parameters:To do… Use the command… Remarks1. Enter system view system-view —2. Configure the TCP synwaittimertcp timer syn-timeout time-valueOptional75 seconds by default.3. Configure the TCP finwait timer tcp timer fin-timeout time-value Optional675 seconds by default.4. Configure the size of TCPreceive/send buffer tcp window window-size Optional8 KB by default.The actual length of the finwait timer is determined by the following formula:• Actual length of the finwait timer = (Configured length of the finwait timer – 75) + configured length of thesynwait timerConfiguring ICMP to send error packetsSending error packets is a major function of ICMP. In case of network abnormalities, ICMP error packetsare usually sent by the network or transport layer protocols to notify corresponding devices so as tofacilitate control and management.