Encontrei o seguinte em Protocolos e Serviços TCP / IP do Windows Server 2008 .
To see a SYN attack in progress on a computer running Windows Server 2008 or Windows Vista, use the Netstat.exe tool at a command prompt to display the active TCP connections. For example:
This is an example of a SYN attack. There are a number of TCP connections in the SYN_ RECEIVED state, and the foreign address is a spoofed private address with incrementally increasing TCP port numbers. The SYN_RECEIVED is the state of a TCP connection that has received a SYN, sent a SYN-ACK, and is waiting for the final ACK.
que é confuso, porque mais tarde diz:
TCP in Windows Server 2008 and Windows Vista use SYN attack protection to prevent a SYN attack from overwhelming the computer.
... então, se esse é o caso, como o comando acima ajudaria?