http://arunonfire.blogspot.com/2007/09/preventing-denial-of-service-dos.html
Denial of Service attacks are difficult to defend against. One approach is to harden the TCP/IP stack on a Windows 2000 server or workstation to help prevent DoS attacks.
By default, the TCP/IP stack is configured to handle normal traffic and to be robust under normal working conditions. If a Windows 2000 server or workstation is going to be exposed to the Internet, the TCP/IP stack should be reconfigured to handle the various TCP/IP protocol attacks.
All of the TCP/IP parameters are located under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
SynAttackProtect
Key: Tcpip\Parameters
Value Type: REG_DWORD—Boolean
Valid Range: 0, 1, 2
Default: 0
When enabled, this parameter causes TCP to adjust the retransmission of SYN-ACKs so that connection responses time out more quickly if it appears that a SYN attack is in progress. This determination is based on the TcpMaxPortsExhausted parameter.
Parameters:
0: Default Value – Normal protection against SYN Attacks.
1: Better Protection – This setting causes TCP to adjust the retransmission of SYN-ACKs so that connection responses time out more quickly if it appears that a SYN attack is in progress. This determination is based on the TcpMaxPortsExhausted, TCPMaxHalfOpen, and TCPMaxHalfOpenRetried parameters.
2: Best Protection – Adds additional delays to connection indications so that TCP connection requests time out quickly when a SYN attack is in progress. This is the recommended setting. Note: When using this setting, the following socket options will no longer work: Scalable windows (RFC 1323) and per-adapter configured TCP parameters (Initial RTT, window size).
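To check a host against the setting above, the following added example (not part of the original post) audits a regedit export of the machine and reports whether SynAttackProtect is at the recommended value of 2. The function name, status strings and sample exports are constructed for illustration.

```python
import re

# Key path, value name, range, default and recommendation are from the article.
KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters".lower()
NAME = "synattackprotect"          # registry names are case-insensitive
DEFAULT, RECOMMENDED, VALID = 0, 2, (0, 1, 2)

def audit_syn_attack_protect(reg_text):
    """Return (status, value) for SynAttackProtect in a regedit export."""
    section, found = None, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()      # start of a new key section
            continue
        if section != KEY:
            continue                          # e.g. per-interface subkeys
        m = re.match(r'"([^"]+)"\s*=\s*(.*)$', line)
        if not m or m.group(1).lower() != NAME:
            continue
        d = re.fullmatch(r"dword:([0-9a-fA-F]{8})", m.group(2).strip())
        if not d:
            return ("wrong-type", m.group(2).strip())
        found = int(d.group(1), 16)
    if found is None:
        return ("missing-default-applies", DEFAULT)
    if found not in VALID:
        return ("out-of-range", found)
    if found < RECOMMENDED:
        return ("below-recommended", found)
    return ("ok", found)

# Constructed sample exports (not taken from a real host).
HEADER = "Windows Registry Editor Version 5.00\n\n"
SAMPLE_DEFAULT = HEADER + r'''[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"Hostname"="web01"
'''
SAMPLE_HARDENED = SAMPLE_DEFAULT + '"SynAttackProtect"=dword:00000002\n'

if __name__ == "__main__":
    for label, text in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        print(label, audit_syn_attack_protect(text))
```

Version 5.00 exports are written as UTF-16, so decode the file to text before passing it to the function.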
Arun