Solved

syncattackprotect

Posted on 2010-09-24
8
349 Views
Last Modified: 2012-05-10
how can i check what is the status on this in the OS? what is the recommended setting on this?

thanks
0
Comment
Question by:anushahanna
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 33755565
Do you mean Syn Attack DoS?
http://support.microsoft.com/kb/324270

"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
NOTE: All values are in hexadecimal unless otherwise noted.

    * Value name: SynAttackProtect
      Key: Tcpip\Parameters
      Value Type: REG_DWORD
      Valid Range: 0,1
      Default: 0

      This registry value causes Transmission Control Protocol (TCP) to adjust retransmission of SYN-ACKS. When you configure this value, the connection responses time out more quickly during a SYN attack (a type of denial of service attack).

      The following parameters can be used with this registry value:
          o 0 (default value): No SYN attack protection
          o 1: Set SynAttackProtect to 1 for better protection against SYN attacks. This parameter causes TCP to adjust the retransmission of SYN-ACKS. When you set SynAttackProtect to 1, connection responses time out more quickly if the system detects that a SYN attack is in progress. Windows uses the following values to determine whether an attack is in progress:
                + TcpMaxPortsExhausted
                + TCPMaxHalfOpen
                + TCPMaxHalfOpenRetried
      Note In Windows Server 2003 Service Pack 1, the default value for the SynAttackProtect registry entry is 1.
"
0
 
LVL 6

Author Comment

by:anushahanna
ID: 33756487
Razmus,
I do not see SynAttackProtect option under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
or
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

does that mean it is just not set up.

thanks
0
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 33756604
Yes, I believe that would mean it's not set up.
Has the server not yet received SP1?
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 
LVL 6

Author Comment

by:anushahanna
ID: 33756687
it is at Enterprise 2003 OS with SP2.

it has to be manually setup?
0
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 33756724
In that case, no... if you are post SP1, the default is protection enabled.
0
 
LVL 6

Author Comment

by:anushahanna
ID: 33756843
>>if you are post SP1, the default is protection enabled.

and it will not be seen in registry, either?
0
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 500 total points
ID: 33756907
Yes.
This article: http://support.microsoft.com/kb/910229 references an issue with windows 2003, when the SP is installed.
"To resolve this issue, use the regedit.exe utility to add a new DWORD value named SynAttackProtect to the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ with value data of 00000000. "
Specifies specifically ADDING the key to the registry to be able to turn the feature off... the value defaults to 1 (on) if the key is missing.
0
 
LVL 6

Author Comment

by:anushahanna
ID: 33756968
Thanks a bunch my friend.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question