syn-ack-flood threshold

Use syn-ack-flood threshold to set the global threshold for triggering SYN-ACK flood attack prevention.

Use undo syn-ack-flood threshold to restore the default.


syn-ack-flood threshold threshold-value

undo syn-ack-flood threshold


The global threshold is 1000 for triggering SYN-ACK flood attack prevention.


Attack defense policy view

Predefined user roles




threshold-value: Specifies the threshold value. The value range is 1 to 1000000 in units of SYN-ACK packets sent to an IP address per second.

Usage guidelines

With global SYN-ACK flood attack detection configured, the device is in attack detection state. When the sending rate of SYN-ACK packets to an IP address reaches the threshold, the device enters prevention state and takes the specified actions. When the rate is below the silence threshold (three-fourths of the threshold), the device returns to the attack detection state.

The global threshold applies to global SYN-ACK flood attack detection. Adjust the threshold according to the application scenarios. If the number of SYN-ACK packets sent to a protected server, such as an HTTP or FTP server, is normally large, set a large threshold. A small threshold might affect the server services. For a network that is unstable or susceptible to attacks, set a small threshold.


# Set the global threshold to 100 for triggering SYN-ACK flood attack prevention in attack defense policy atk-policy-1.

<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] syn-ack-flood threshold 100

Related commands

syn-ack-flood action

syn-ack-flood detect

syn-ack-flood detect non-specific