SynAttackProtect is a Windows protection that detects when the system is being targeted by a SYN flood attack, a type of denial-of-service attack, and adjusts connection timing in response. When the protection is enabled, connection responses time out more quickly in the event of an attack.

Open your registry and find the key below. Then create a new DWORD value called "SynAttackProtect" and set it to 0, 1 or 2 according to the table below.

When this value is used, Transmission Control Protocol (TCP) adjusts the retransmission of SYN-ACKs. When you modify this value, connection responses time out more quickly in the event of a SYN attack.

0 (default) - typical protection against SYN attacks
1 - better protection against SYN attacks that uses the advanced values below
2 (recommended) - best protection against SYN attacks. This value adds additional delays for connection indications, and TCP connection requests quickly time out when a SYN attack is in progress.

Optional Advanced Values

If you want extra control, you can create additional DWORD values in the same key for each of the items listed below. They are not required for SynAttackProtect to be effective.

TcpMaxHalfOpen - default value is "100"
TcpMaxHalfOpenRetried - default value is "80"
TcpMaxPortsExhausted - default value is "5"
TcpMaxConnectResponseRetransmissions - default value is "3"

Restart Windows for the changes to take effect.

(Default)                        REG_SZ     (value not set)
SynAttackProtect                 REG_DWORD  0x00000002 (2)
TcpMaxHalfOpen                   REG_DWORD  0x00000064 (100)
TcpMaxHalfOpenedRetried          REG_DWORD  0x00000050 (64)
TcpMaxPortsExhausted             REG_DWORD  0x00000005 (5)
TcpMaxConnectResponseRetrans...  REG_DWORD  0x00000003 (3)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\P...

Registry Legend

System Key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
Value Name: SynAttackProtect
Data Type: REG_DWORD (DWORD Value)

connections in the SYN_RCVD state for which at least one retransmission has been sent. When SynAttackProtect is exceeded, SYN flood protection is triggered.

Set Additional Protections

All the keys and values in this section are located under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are:

Value name: TcpMaxConnectResponseRetransmissions
Recommended value data: 2
Valid values: 0–255
Description: Controls how many times a SYN-ACK is retransmitted before canceling the attempt when responding to a SYN request.

Value name: TcpMaxDataRetransmissions
Recommended value data: 2
Valid values: 0–65535
Description: Specifies the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection.

Value name: EnablePMTUDiscovery
Recommended value data: 0
Valid values: 0, 1
Description: Setting this value to 1 (the default) forces TCP to discover the maximum transmission unit or largest packet size over the path to a remote host. An attacker can force packet fragmentation, which overworks the stack. Specifying 0 forces the MTU of 576 bytes for connections from hosts not on the local subnet.

Value name: KeepAliveTime
Recommended value data: 300000
Valid values: 80–4294967295
Description: Specifies how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet.

Set NetBIOS Protections

All the keys and values in this section are located under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt\Parameters. These keys and values are:

Value name: NoNameReleaseOnDemand
Recommended value data: 1
Valid values: 0, 1
Description: Specifies to not release the NetBIOS name of a computer when it receives a name-release request.

Use the values that are summarized in Table 1 for maximum protection.

Table 1 Recommended Values

Value Name
SynAttackProtect
TcpMaxPortsExhausted
TcpMaxHalfOpen
TcpMaxHalfOpenRetried
TcpMaxConnectResponseRetransmissions
TcpMaxDataRetransmissions
EnablePMTUDiscovery
KeepAliveTime
NoNameReleaseOnDemand
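
As an added example (not part of the original document), the Python sketch below audits reg query output against the recommended value data and valid ranges given in the text above, so drift from the hardened settings can be detected. The sample output is constructed, the function names and status labels are this example's own, and it assumes reg query prints REG_DWORD data in hexadecimal.

```python
import re

TCPIP = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
NETBT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt\Parameters"
# (key, value name) -> (recommended data, lowest valid, highest valid), from this page
BASELINE = {
    (TCPIP, "SynAttackProtect"): (2, 0, 2),
    (TCPIP, "TcpMaxConnectResponseRetransmissions"): (2, 0, 255),
    (TCPIP, "TcpMaxDataRetransmissions"): (2, 0, 65535),
    (TCPIP, "EnablePMTUDiscovery"): (0, 0, 1),
    (TCPIP, "KeepAliveTime"): (300000, 80, 4294967295),
    (NETBT, "NoNameReleaseOnDemand"): (1, 0, 1),
}
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

def parse_reg_query(text):
    # Returns {(key, name): (type, raw data)}; names lower-cased (registry is case-insensitive).
    found, key = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip().lower()
        elif key and (m := VALUE_LINE.match(line)):
            found[(key, m.group(1).lower())] = (m.group(2), m.group(3).strip())
    return found

def audit(text):  # returns {value name: status} for every baseline value
    found, report = parse_reg_query(text), {}
    for (key, name), (want, lo, hi) in BASELINE.items():
        entry = found.get((key.lower(), name.lower()))
        if entry is None:
            report[name] = "missing"        # not set, so the stack default applies
        elif entry[0] != "REG_DWORD":
            report[name] = "wrong_type"     # the page specifies DWORD values
        else:
            actual = int(entry[1], 16)      # reg query prints DWORD data as hex
            report[name] = ("out_of_range" if not lo <= actual <= hi
                            else "ok" if actual == want else f"differs ({actual})")
    return report

# Constructed sample of reg query output (hypothetical host, not a real capture).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    SynAttackProtect    REG_DWORD    0x2
    TcpMaxConnectResponseRetransmissions    REG_DWORD    0x3
    TcpMaxDataRetransmissions    REG_SZ    2
    KeepAliveTime    REG_DWORD    0x10
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
    NoNameReleaseOnDemand    REG_DWORD    0x1
"""
```

Calling audit(SAMPLE) returns one status per value name; on a live host, pass it the combined text that reg query produces for the two Parameters keys.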