1-4z If MD5 authentication is enabled, the SYN Cookie feature will not function after enabled. Then, ifyou disable MD5 authentication, the SYN Cookie feature will be enabled automatically.z With the SYN Cookie feature enabled, only the MSS, instead of the window’s zoom factor andtimestamp, is negotiated during TCP connection establishment.Enabling Protection Against Naptha AttacksNaptha attacks are similar to the SYN Flood attacks. Attackers can perform Naptha attacks by using thesix TCP connection states (CLOSING, ESTABLISHED, FIN_WAIT_1, FIN_WAIT_2, LAST_ACK, andSYN_RECEIVED), and SYN Flood attacks by using only the SYN_RECEIVED state.Naptha attackers control a huge amount of hosts to establish TCP connections with the server, keepthese connections in the same state (any of the six), and request for no data so as to exhaust thememory resource of the server. As a result, the server cannot process normal services.Protection against Naptha attacks reduces the risk of such attacks by accelerating the aging of TCPconnections in a state. After the feature is enabled, the device periodically checks the number of TCPconnections in each state. If it detects that the number of TCP connections in a state exceeds themaximum number, it will accelerate the aging of TCP connections in this state.Follow these steps to enable the protection against Naptha attack:To do... Use the command... RemarksEnter system view system-view —Enable the protectionagainst Naptha attack tcp anti-naptha enable RequiredDisabled by default.Configure the maximum ofTCP connections in astatetcp state { closing |established | fin-wait-1 |fin-wait-2 | last-ack |syn-received }connection-number numberOptional5 by default.If the maximum number of TCPconnections in a state is 0, theaging of TCP connections in thisstate will not be accelerated.Configure the TCP statecheck intervaltcp timer check-statetimer-valueOptional30 seconds by default.