syn-flood-dos-attack

Reference URLs:

http://www.binarytides.com/syn-flood-dos-attack/

http://www.juniper.net/techpubs/software/junos-security/junos-security96/junos-security-swconfig-security/id-34128.html

code

Cisco solution:

Reference: http://www.sans.org/security-resources/idfaq/syn_flood.php

The TCP intercept feature works by intercepting and validating TCP connection requests. The feature can operate in two modes: intercept and watch. In intercept mode, the router intercepts incoming TCP synchronization (SYN) requests and establishes a connection with the client on the server’s behalf, and with the server on the client’s behalf. If both connections are successful, the router transparently merges the two connections. The router has aggressive timeouts to prevent its own resources from being consumed by a SYN attack. In watch mode, the router passively watches half-open connections and will actively close connections on the server after a configurable length of time. Access lists are defined to specify which source and destination packets are subject to TCP intercept.
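A small model of the watch mode described above, added here as an illustration; it is not Cisco's implementation or code from the referenced pages. The protected network (standing in for the access list), the 30-second timeout, the class and function names and the sample events are all assumptions constructed for the example.

```python
import ipaddress

# Assumed values for this sketch; they are not taken from the page.
PROTECTED = [ipaddress.ip_network("192.0.2.0/24")]  # stands in for the access list
WATCH_TIMEOUT = 30.0  # seconds a connection may stay half-open

class WatchTable:
    """Tracks half-open TCP connections headed for protected servers."""

    def __init__(self, protected=PROTECTED, timeout=WATCH_TIMEOUT):
        self.protected = protected
        self.timeout = timeout
        self.half_open = {}  # (src, sport, dst, dport) -> time the first SYN was seen

    def _in_scope(self, dst):
        addr = ipaddress.ip_address(dst)
        return any(addr in net for net in self.protected)

    def observe(self, ts, src, sport, dst, dport, flags):
        """Feed one client-to-server segment; flags is a string such as 'S' or 'A'."""
        if not self._in_scope(dst):
            return  # destination not matched by the list: not watched
        key = (src, sport, dst, dport)
        if flags == "S":
            self.half_open.setdefault(key, ts)  # a retransmitted SYN keeps the first time
        elif "A" in flags or "R" in flags:
            self.half_open.pop(key, None)  # handshake completed or aborted

    def sweep(self, now):
        """Return connections to reset on the server because they stayed half-open."""
        expired = sorted(k for k, t in self.half_open.items() if now - t > self.timeout)
        for k in expired:
            del self.half_open[k]
        return expired

def run_demo():
    # Constructed events: (time, src, sport, dst, dport, flags)
    events = [
        (0.0, "198.51.100.7", 40000, "192.0.2.10", 80, "S"),
        (0.2, "198.51.100.7", 40000, "192.0.2.10", 80, "A"),  # completes the handshake
        (1.0, "203.0.113.5", 1025, "192.0.2.10", 80, "S"),    # never completes
        (1.1, "203.0.113.6", 1026, "192.0.2.10", 80, "S"),    # never completes
        (2.0, "203.0.113.9", 1027, "10.0.0.5", 80, "S"),      # outside the protected list
    ]
    table = WatchTable()
    for ev in events:
        table.observe(*ev)
    return table.sweep(now=20.0), table.sweep(now=40.0)
```

The first sweep returns nothing because no entry has exceeded the timeout yet; the second returns the two connections whose handshakes never completed, which is the point at which the watching device would close them on the server.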

NTP REFLECTION:

http://unsuspectingbit.com/ntp-based-ddos-attack-understanding-ntp-reflection/

 

 
