enable sync cookies to defend syn flood attack effectively: (in example of linux)
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
this is at OS level. the goal of the attack is NOT to establish valid tcp connections.
however litespeed's anti-dos feature is for attacks with ESTABLISHED tcp connections, so not for syn flood attack.