A DoS/DDoS attack is an attempt to prevent legitimate users of a service or network resource from accessing that service or resource.
To prevent SYN flood attacks, a mechanism called "SYN Relay" can be enabled in the NetDefend firewall to protect the destination addresses used by a service from SYN flooding.
A SYN flood attack is launched by sending TCP connection requests faster than a machine can process them. The attacker sends SYN requests to a server with a spoofed source address, which will never reply to the server's SYN/ACK. Each SYN request adds a new TCP connection to the server's connection table; when all the connections in the table are waiting for replies and the table is full, the server will not accept any new incoming requests. Requests from legitimate users are then ignored. The "SYN Relay" mechanism counters the attack by hiding the protected server behind the firewall. The firewall receives the SYN request and makes sure that the connection is valid (that is, the source replies to the SYN/ACK) before sending a SYN packet to the server. If no ACK is received by the firewall after a certain time, the connection is aborted.
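The following simplified model, added here as an illustration and not taken from D-Link or the NetDefend firmware, contrasts a server exposed directly with one placed behind a relay that contacts the server only after the source has returned an ACK. The class names, the table size of 128, the 3-tick timeout and the unbounded pending table on the relay are assumptions of the model.

```python
from dataclasses import dataclass, field

@dataclass
class Server:
    capacity: int                                   # connection table size (assumed)
    half_open: set = field(default_factory=set)
    established: set = field(default_factory=set)
    def syn(self, src):                             # a full table means the request is ignored
        if len(self.half_open) + len(self.established) >= self.capacity:
            return False
        self.half_open.add(src)
        return True
    def ack(self, src):
        if src in self.half_open:
            self.half_open.remove(src)
            self.established.add(src)

@dataclass
class SynRelay:
    server: Server
    timeout: int                                    # ticks to wait for the ACK (assumed)
    pending: dict = field(default_factory=dict)     # src -> tick the SYN arrived
    def syn(self, src, now):                        # firewall answers with SYN/ACK itself
        self.pending[src] = now
    def ack(self, src, now):                        # source replied, so only now contact the server
        seen = self.pending.pop(src, None)
        if seen is None or now - seen > self.timeout or not self.server.syn(src):
            return False
        self.server.ack(src)
        return True
    def expire(self, now):                          # abort handshakes whose ACK never arrived
        self.pending = {s: t for s, t in self.pending.items() if now - t <= self.timeout}

def simulate(use_relay, spoofed=1000, capacity=128, timeout=3):
    # Returns (client_connected, server_half_open, relay_pending).
    server = Server(capacity)
    relay = SynRelay(server, timeout)
    send_syn = (lambda s: relay.syn(s, 0)) if use_relay else server.syn
    for i in range(spoofed):                        # constructed sources that never send an ACK
        send_syn(f"spoofed-{i}")
    if use_relay:                                   # a legitimate client completes the handshake
        relay.syn("client", 1)
        connected = relay.ack("client", 2)
    else:
        connected = server.syn("client")
        server.ack("client")
    relay.expire(10)
    return connected, len(server.half_open), len(relay.pending)
```

Without the relay the server's table holds 128 half-open entries and the client is refused; with it the server never sees the unanswered SYNs and the relay's pending entries are dropped at the timeout.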