Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 358
  • Last Modified:

syncattackprotect

how can i check what is the status on this in the OS? what is the recommended setting on this?

thanks
0
anushahanna
Asked:
anushahanna
  • 4
  • 4
1 Solution
 
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
Do you mean Syn Attack DoS?
http://support.microsoft.com/kb/324270

"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
NOTE: All values are in hexadecimal unless otherwise noted.

    * Value name: SynAttackProtect
      Key: Tcpip\Parameters
      Value Type: REG_DWORD
      Valid Range: 0,1
      Default: 0

      This registry value causes Transmission Control Protocol (TCP) to adjust retransmission of SYN-ACKS. When you configure this value, the connection responses time out more quickly during a SYN attack (a type of denial of service attack).

      The following parameters can be used with this registry value:
          o 0 (default value): No SYN attack protection
          o 1: Set SynAttackProtect to 1 for better protection against SYN attacks. This parameter causes TCP to adjust the retransmission of SYN-ACKS. When you set SynAttackProtect to 1, connection responses time out more quickly if the system detects that a SYN attack is in progress. Windows uses the following values to determine whether an attack is in progress:
                + TcpMaxPortsExhausted
                + TCPMaxHalfOpen
                + TCPMaxHalfOpenRetried
      Note In Windows Server 2003 Service Pack 1, the default value for the SynAttackProtect registry entry is 1.
"
0
 
anushahannaAuthor Commented:
Razmus,
I do not see SynAttackProtect option under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
or
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

does that mean it is just not set up.

thanks
0
 
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
Yes, I believe that would mean it's not set up.
Has the server not yet received SP1?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
anushahannaAuthor Commented:
it is at Enterprise 2003 OS with SP2.

it has to be manually setup?
0
 
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
In that case, no... if you are post SP1, the default is protection enabled.
0
 
anushahannaAuthor Commented:
>>if you are post SP1, the default is protection enabled.

and it will not be seen in registry, either?
0
 
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
Yes.
This article: http://support.microsoft.com/kb/910229 references an issue with windows 2003, when the SP is installed.
"To resolve this issue, use the regedit.exe utility to add a new DWORD value named SynAttackProtect to the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ with value data of 00000000. "
Specifies specifically ADDING the key to the registry to be able to turn the feature off... the value defaults to 1 (on) if the key is missing.
0
 
anushahannaAuthor Commented:
Thanks a bunch my friend.
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now