syncattackprotect

how can i check what is the status on this in the OS? what is the recommended setting on this?

thanks
LVL 6
anushahannaAsked:
Who is Participating?
 
Rich WeisslerConnect With a Mentor Professional Troublemaker^h^h^h^h^hshooterCommented:
Yes.
This article: http://support.microsoft.com/kb/910229 references an issue with windows 2003, when the SP is installed.
"To resolve this issue, use the regedit.exe utility to add a new DWORD value named SynAttackProtect to the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ with value data of 00000000. "
Specifies specifically ADDING the key to the registry to be able to turn the feature off... the value defaults to 1 (on) if the key is missing.
0
 
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
Do you mean Syn Attack DoS?
http://support.microsoft.com/kb/324270

"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
NOTE: All values are in hexadecimal unless otherwise noted.

    * Value name: SynAttackProtect
      Key: Tcpip\Parameters
      Value Type: REG_DWORD
      Valid Range: 0,1
      Default: 0

      This registry value causes Transmission Control Protocol (TCP) to adjust retransmission of SYN-ACKS. When you configure this value, the connection responses time out more quickly during a SYN attack (a type of denial of service attack).

      The following parameters can be used with this registry value:
          o 0 (default value): No SYN attack protection
          o 1: Set SynAttackProtect to 1 for better protection against SYN attacks. This parameter causes TCP to adjust the retransmission of SYN-ACKS. When you set SynAttackProtect to 1, connection responses time out more quickly if the system detects that a SYN attack is in progress. Windows uses the following values to determine whether an attack is in progress:
                + TcpMaxPortsExhausted
                + TCPMaxHalfOpen
                + TCPMaxHalfOpenRetried
      Note In Windows Server 2003 Service Pack 1, the default value for the SynAttackProtect registry entry is 1.
"
0
 
anushahannaAuthor Commented:
Razmus,
I do not see SynAttackProtect option under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
or
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

does that mean it is just not set up.

thanks
0
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

 
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
Yes, I believe that would mean it's not set up.
Has the server not yet received SP1?
0
 
anushahannaAuthor Commented:
it is at Enterprise 2003 OS with SP2.

it has to be manually setup?
0
 
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
In that case, no... if you are post SP1, the default is protection enabled.
0
 
anushahannaAuthor Commented:
>>if you are post SP1, the default is protection enabled.

and it will not be seen in registry, either?
0
 
anushahannaAuthor Commented:
Thanks a bunch my friend.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.