JSI Tip 9357. The event log indicates that a client computer attempted a Denial-Of-Service attack against your 64-bit version of Windows Server 2003?

Jerold Schulman

May 16, 2005


Your Application event log contains:

Event ID: 2025
Source: SRV
Description: The server has detected an attempted Denial-Of-Service attack from client \\computer_name, and has disconnected the connection.

As indicated, clients are disconnected from the server.

This behavior will occur when the server is under high stress, such as during very heavy network traffic.

I have scripted MaxMpxCt.bat to increase the number of concurrent commands that can be outstanding between a client and a server.

The syntax for using MaxMpxCt.bat is:

MaxMpxCt Number

Where Number is the number of concurrent outstanding network requests that are allowed, in the range of 50 - 65535. DO NOT set the Number too high as each additional concurrent command consumes resources, such as paged pool memory. The default value is 50.
NOTE - If you set Number to 0, instead of altering the number of concurrent outstanding network requests, MaxMpxCt.bat will disable Denial-Of-Service detection, BUT I WOULDN'T DO THIS ON MY NETWORK.

MaxMpxCt.bat contains:

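@echo off
rem MaxMpxCt.bat - set MaxMpxCt, or set DisableDos when Number is 0.
if {%1}=={} @echo Syntax: MaxMpxCt Number&goto :EOF
setlocal
set key=HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters
if "%1" EQU "0" goto NDOS
set IN=%1
set Number=
rem The prefix and modulo reject non-numeric input and leading zeros.
rem The prefix is 10000 so that a 5-digit Number stays within the 32-bit limit of SET /A.
set /a Number=10000%IN%%%100000
if "%IN%" NEQ "%Number%" @echo Syntax: MaxMpxCt Number&endlocal&goto :EOF
rem Enforce the documented range of 50 - 65535.
if %Number% LSS 50 @echo Syntax: MaxMpxCt Number&endlocal&goto :EOF
if %Number% GTR 65535 @echo Syntax: MaxMpxCt Number&endlocal&goto :EOF
@echo REG ADD %key% /V MaxMpxCt /T REG_DWORD /F /D %Number%
REG ADD %key% /V MaxMpxCt /T REG_DWORD /F /D %Number%
endlocal
goto :EOF
:NDOS
rem Number was 0: disable Denial-Of-Service detection instead of changing MaxMpxCt.
@echo REG ADD %key% /V DisableDos /T REG_DWORD /F /D 1
REG ADD %key% /V DisableDos /T REG_DWORD /F /D 1
endlocal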
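To check afterwards what a server ended up with, the following added example (not part of the original tip or of MaxMpxCt.bat) parses saved `reg query` output for the Parameters key, flags DisableDos=1 or a MaxMpxCt outside the stated range, and counts Event ID 2025 disconnects per client. The sample registry text, the client names and the assumption that values print as `name REG_DWORD 0x..` lines are constructed for illustration.

```python
import re
from collections import Counter

# "name  REG_DWORD  0x.." lines as printed by: reg query <key>
DWORD = re.compile(r"^\s*(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$", re.M)
CLIENT = re.compile(r"Denial-Of-Service attack from client (\S+?),")

def audit_parameters(reg_output):
    """Parse reg query text; return (values, findings) for MaxMpxCt and DisableDos."""
    values = {name.lower(): int(data, 16) for name, data in DWORD.findall(reg_output)}
    findings = []
    if values.get("disabledos", 0) == 1:
        findings.append("DisableDos=1: Denial-Of-Service detection is disabled")
    mpx = values.get("maxmpxct", 50)  # the tip gives 50 as the default
    if not 50 <= mpx <= 65535:
        findings.append("MaxMpxCt=%d is outside the range 50 - 65535" % mpx)
    return values, findings

def disconnects_by_client(descriptions):
    """Count Event ID 2025 disconnects per client named in the description."""
    counts = Counter()
    for text in descriptions:
        match = CLIENT.search(text)
        if match:
            counts[match.group(1).lower()] += 1
    return counts

# Constructed sample data (not taken from a real server).
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
    MaxMpxCt    REG_DWORD    0x800
    DisableDos    REG_DWORD    0x1
"""
EVENT = (r"The server has detected an attempted Denial-Of-Service attack "
         r"from client %s, and has disconnected the connection.")
SAMPLE_EVENTS = [EVENT % c for c in (r"\\WKS01", r"\\WKS02", r"\\wks01")]

if __name__ == "__main__":
    values, findings = audit_parameters(SAMPLE_REG)
    print(values)
    for finding in findings:
        print("FINDING:", finding)
    for client, count in disconnects_by_client(SAMPLE_EVENTS).most_common():
        print(client, count)
```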


