JSI Tip 9357. The event log indicates that a client computer attempted a Denial-Of-Service attack against your 64-bit version of Windows Server 2003?
May 16, 2005
Your Application event log contains:
Event ID: 2025
Source: SRV
Description: The server has detected an attempted Denial-Of-Service attack from client \computer_name, and has disconnected the connection.
As indicated, clients are disconnected from the server.
This behavior will occur when the server is under high-stress, such as during very heavy network traffic.
I have scripted MaxMpxCt.bat to increase the number of concurrent commands that can be outstanding between a client and a server.
The syntax for using MaxMpxCt.bat is:
MaxMpxCt Number
Where Number is the number of concurrent outstanding network requests that are allowed, in the range of 50 - 65535. DO NOT set the Number too high as each additional concurrent command consumes resources, such as paged pool memory. The default value is 50.
NOTE - If you set Number to 0, instead of altering the number of concurrent outstanding network requests, MaxMpxCt.bat will disable Denial-Of-Service detection, BUT I WOULDN'T DO THIS ON MY NETWORK.
MaxMpxCt.bat contains:
@echo offif {%1}=={} @echo Syntax: MaxMpxCt Number&goto :EOFsetlocalset key=HKLMSystemCurrentControlSetServicesLanmanServerParametersif "%1" EQU "0" goto NDOSset IN=%1set /a Number=100000%IN%%%100000if "%IN%" NEQ "%Number%" @echo Syntax: MaxMpxCt Number&endlocal&goto :EOF@echo REG ADD %key% /V MaxMpxCt /T REG_DWORD /F /D %Number%REG ADD %key% /V MaxMpxCt /T REG_DWORD /F /D %Number%endlocalgoto :EOF:NDOS@echo REG ADD %key% /V DisableDos /T REG_DWORD /F /D 1REG ADD %key% /V DisableDos /T REG_DWORD /F /D 1endlocal
About the Author
You May Also Like