There have been known attacks through networks such as denial-of-service attacks (including distributed denial-of-service attacks). In a denial-of-service attack defense system that protects communication devices against such denial-of-service attacks, an edge router provided on an ISP network protects a server machine (hereinafter, “communication device”) as a target of an attack. Specifically, to protect a communication device against a SYN flood attack which is one of the denial-of-service attacks, the edge router on the ISP network provides a threshold for a traffic volume of SYN packets, and abandons some SYN packets at an exit of the LAN. More specifically, the ISP network is connected to the LAN including the communication device as the target of the attack, the transmission target of the SYN packets is the communication device, and the SYN packets to be abandoned are a portion which exceeds the threshold (see, for example, Patent document 1).