The TCP Defend Fin Attack solution provides a simple, single tuning option: the Minimum Threshold parameter. In the TCP stack, the wait states (FIN_WAIT1, FIN_WAIT2, CLOSE_WAIT, LAST_ACK and CLOSING) are arranged in ascending order of importance by considering which of the states are less risky to terminate. The order is static.
The stack assumes that there is no risk in terminating all connections in a less important state. According to the arrangement of states, if a less important connection is overusing resources, then it is selected. Alternatively, if an important state is overusing resources and the less important states do not dominate, it would be selected for reset only. At any given point in time, a Minimum Threshold number of connections will be permitted.
For more information on this, see TCP Defend Land Attacks.
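
The selection policy described above, written out as an added C example (not code from the product's TCP stack). It assumes that the order in which the states are listed is the importance order and that a state "overuses" resources when it holds more than an equal share of the Minimum Threshold; `pick_victim`, `reset_plan`, `overuses` and the sample counts are hypothetical.

```c
#include <stdio.h>

/* Wait states in the order the page lists them. Treating that listing as the
   ascending importance order (index 0 = least risky to reset) is an assumption. */
enum wait_state { FIN_WAIT1, FIN_WAIT2, CLOSE_WAIT, LAST_ACK, CLOSING, N_WAIT };

struct reset_plan { int state; unsigned count; };  /* state == -1: reset nothing */

/* Assumed definition: a state overuses when it exceeds an equal share of the threshold. */
static int overuses(const unsigned counts[N_WAIT], int s, unsigned min_threshold)
{
    return counts[s] > min_threshold / N_WAIT;
}

/* Pick the least important overusing state; never cut below min_threshold in total. */
struct reset_plan pick_victim(const unsigned counts[N_WAIT], unsigned min_threshold)
{
    struct reset_plan plan = { -1, 0 };
    unsigned total = 0;
    for (int s = 0; s < N_WAIT; s++)
        total += counts[s];
    if (total <= min_threshold)          /* this many are always permitted */
        return plan;
    unsigned excess = total - min_threshold;
    for (int s = 0; s < N_WAIT; s++) {   /* scan from least to most important */
        if (overuses(counts, s, min_threshold)) {
            plan.state = s;
            plan.count = counts[s] < excess ? counts[s] : excess;
            return plan;
        }
    }
    return plan;  /* not reached: total > threshold implies some state overuses */
}

int main(void)
{
    /* Constructed sample: LAST_ACK is flooded, less important states are quiet. */
    unsigned counts[N_WAIT] = { 5, 5, 5, 90, 5 };
    struct reset_plan p = pick_victim(counts, 100);
    printf("reset %u connection(s) in state index %d\n", p.count, p.state);
    return 0;
}
```

With a less important state over its share, that state is chosen even when a more important one holds more connections, and all of its connections may be reset if the excess is large enough.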