Wednesday, September 19, 2007

Preventing Denial of Service (DoS) Attacks - Windows 2000/2003

http://arunonfire.blogspot.com/2007/09/preventing-denial-of-service-dos.html

Denial of Service attacks are difficult to defend against. One approach is to harden the TCP/IP stack on a Windows 2000 server or workstation to help prevent DoS attacks.
By default, the TCP/IP stack is configured to handle normal traffic and to be robust under normal working conditions. If a Windows 2000 server or workstation is going to be exposed to the Internet, the TCP/IP stack should be reconfigured to handle the various TCP/IP protocol attacks.

All of the TCP/IP parameters are located under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services; the Key given for each parameter below is relative to that path.

SynAttackProtect
Key: Tcpip\Parameters
Value Type: REG_DWORD—Boolean
Valid Range: 0, 1, 2
Default: 0


When enabled, this parameter causes TCP to adjust the retransmission of SYN-ACKs so that connection responses time out more quickly if it appears that a SYN attack is in progress. This determination is based on the TcpMaxPortsExhausted parameter.

Parameters:
0: Default Value – Normal protection against SYN Attacks.

1: Better Protection - This setting causes TCP to adjust the retransmission of SYN-ACKs so that connection responses time out more quickly if it appears that a SYN attack is in progress. This determination is based on the TcpMaxPortsExhausted, TCPMaxHalfOpen, and TCPMaxHalfOpenRetried parameters.

2: Best Protection – Adds additional delays to connection indications so that TCP connection requests time out quickly when a SYN attack is in progress. This is the recommended setting. Note: When using this setting, the following socket options will no longer work: scalable windows (RFC 1323) and per-adapter configured TCP parameters (initial RTT, window size).

Arun
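
The following script is an added example, not part of the original post: it audits the SynAttackProtect value described above, shows the related parameters the post names, and optionally sets the recommended value 2. It assumes Windows PowerShell is installed on the host and is run with administrator rights; the `-Apply` switch is a name chosen for this example.

```powershell
# Added example, not from the original post.
# -Apply is a switch name chosen for this script; run from an administrator prompt.
param([switch]$Apply)

$path   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$levels = @{ 0 = 'normal protection (default)'
             1 = 'better protection'
             2 = 'best protection (recommended)' }

function Get-TcpParam([string]$Name) {
    # $null means the value is absent and the stack default applies.
    $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$current = Get-TcpParam 'SynAttackProtect'
if ($null -eq $current) { $current = 0 }          # the post lists 0 as the default

if ($levels.ContainsKey([int]$current)) {
    Write-Output "SynAttackProtect = $current : $($levels[[int]$current])"
} else {
    Write-Warning "SynAttackProtect = $current is outside the valid range 0, 1, 2"
}

# Values the post says the SYN-attack determination is based on.
foreach ($n in 'TcpMaxPortsExhausted', 'TcpMaxHalfOpen', 'TcpMaxHalfOpenRetried') {
    $v = Get-TcpParam $n
    if ($null -eq $v) { $v = 'not set (stack default)' }
    Write-Output ("  {0,-22} {1}" -f $n, $v)
}

if ($Apply -and $current -ne 2) {
    # -Force overwrites an existing value or creates it if missing.
    New-ItemProperty -Path $path -Name 'SynAttackProtect' -Value 2 `
        -PropertyType DWord -Force | Out-Null
    Write-Output 'SynAttackProtect set to 2.'
    Write-Warning 'At level 2, scalable windows (RFC 1323) and per-adapter TCP parameters (initial RTT, window size) no longer work.'
} elseif (-not $Apply -and $current -ne 2) {
    Write-Output 'Re-run with -Apply to set the recommended value 2.'
}
```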
