How can I protect my system from a Denial of Service (DoS) attack?
December 25, 2002
A. Firewall products can protect your machines from DoS attacks, and you should use a firewall whenever possible. However, built-in Windows functionality can also help protect against DoS attacks and quickly time out SYN requests. To enable this functionality, perform the following steps:
1. Start a registry editor (e.g., regedit.exe).
2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters registry subkey.
3. From the Edit menu, select New, DWORD Value.
4. Enter the name SynAttackProtect, then press Enter.
5. Double-click the new value, set it to 2, then click OK.
6. Close the registry editor.
7. Reboot the machine.
The SynAttackProtect default value is 0, which offers no protection. A value of 1 limits the number of SYN-ACK retransmissions and delays creation of the route cache entry once the maximum number of half-open TCP connections (i.e., connections in the SYN_RECEIVED state, set by TcpMaxHalfOpen) and of half-open connections that have had at least one retry (i.e., TcpMaxHalfOpenRetried) has been reached. A value of 2 behaves like 1 but additionally delays the Winsock notification until the TCP three-way handshake is complete. Because Windows applies SynAttackProtect only after the system exceeds the TcpMaxHalfOpen and TcpMaxHalfOpenRetried thresholds, I recommend that you also create the TcpMaxHalfOpen and TcpMaxHalfOpenRetried values under the same registry key (both DWORD values) and set them to 100 and 80, respectively.
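As an added example (not part of the original answer), the following PowerShell script applies the three values recommended above in one pass, creating each DWORD if it is missing and updating it otherwise, and shows the before/after state so you can confirm the change. It assumes an elevated session; the function names are my own.

```powershell
# Added example: set SynAttackProtect=2, TcpMaxHalfOpen=100, TcpMaxHalfOpenRetried=80
# under the Tcpip\Parameters key, as the answer recommends. Run from an elevated prompt.
$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$Desired = [ordered]@{
    SynAttackProtect      = 2    # 1 = limit SYN-ACK retries; 2 = also delay Winsock notification
    TcpMaxHalfOpen        = 100  # SYN_RECEIVED connections allowed before protection engages
    TcpMaxHalfOpenRetried = 80   # half-open connections with at least one retry before it engages
}

function Get-SynProtectionState {
    # Returns the current setting of each value; $null means the value does not exist,
    # which for SynAttackProtect is equivalent to the default of 0 (no protection).
    $props = Get-ItemProperty -Path $KeyPath
    $state = [ordered]@{}
    foreach ($name in $Desired.Keys) {
        $state[$name] = if ($props.PSObject.Properties[$name]) { $props.$name } else { $null }
    }
    return $state
}

function Set-SynProtection {
    # Idempotent: New-ItemProperty when the value is absent, Set-ItemProperty when present.
    if (-not (Test-Path $KeyPath)) {
        throw "Registry key $KeyPath not found."
    }
    foreach ($name in $Desired.Keys) {
        $existing = Get-ItemProperty -Path $KeyPath -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $existing) {
            New-ItemProperty -Path $KeyPath -Name $name -PropertyType DWord `
                -Value $Desired[$name] | Out-Null
        } else {
            Set-ItemProperty -Path $KeyPath -Name $name -Value $Desired[$name]
        }
    }
}

'Before:'; Get-SynProtectionState
Set-SynProtection
'After:';  Get-SynProtectionState
Write-Host 'Reboot for the new TCP/IP parameters to take effect.'
```

These values are read by the Windows 2000/XP/Server 2003 TCP/IP stack; the redesigned stack in Windows Vista/Server 2008 and later ignores them and enables SYN attack protection on its own.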