1-2Enabling Forwarding of Directed Broadcasts to a Directly Connected NetworkIf a device is enabled to receive directed broadcasts, the device will determine whether to forward themaccording to the configuration on the outgoing interface.Follow these steps to enable the device to forward directed broadcasts:To do… Use the command… RemarksEnter system view system-view —Enter interface view interface interface-typeinterface-number —Enable the interface to forwarddirected broadcastsip forward-broadcast [ aclacl-number ]RequiredBy default, the device isdisabled from forwardingdirected broadcasts.z If an ACL is referenced in the ip forward-broadcast [ acl-number ] command, only packetspermitted by the ACL can be forwarded.z If you repeatedly execute the ip forward-broadcast acl [ acl-number ] command on an interface,the last executed command takes effect only. If the command executed last time does not includethe acl acl-number, the ACL configured previously will be removed.Configuring TCP AttributesEnabling the SYN Cookie FeatureAs a general rule, the establishment of a TCP connection involves the following three handshakes:1) The request originator sends a SYN message to the target server.2) After receiving the SYN message, the target server establishes a TCP connection in theSYN_RECEIVED state, returns a SYN ACK message to the originator, and waits for a response.3) After receiving the SYN ACK message, the originator returns an ACK message. Thus, the TCPconnection is established.Attackers may mount SYN Flood attacks during TCP connection establishment. They send a largenumber of SYN messages to the server to establish TCP connections, but they never make anyresponse to SYN ACK messages. As a result, a large amount of incomplete TCP connections areestablished, resulting in heavy resource consumption and making the server unable to handle servicesnormally.The SYN Cookie feature can prevent SYN Flood attacks. After receiving a TCP connection request, theserver directly returns a SYN ACK message, instead of establishing an incomplete TCP connection.Only after receiving an ACK message from the client can the server establish a connection, and thenenter the ESTABLISHED state. In this way, large amounts of incomplete TCP connections could beavoided to protect the server against SYN Flood attacks.