Protect Against SYN Flood Attacks

Windows includes protection that allows it to detect and adjust when the system is being targeted by a SYN flood attack (a type of denial of service attack). When this protection is enabled, connection responses time out more quickly while an attack is in progress.

Open your registry and find the key below.

Create a new DWORD value named "SynAttackProtect" and set it to 0, 1 or 2 according to the table below.

This value causes Transmission Control Protocol (TCP) to adjust the retransmission of SYN-ACKs. When you configure this value, connection responses time out more quickly in the event of a SYN attack (a type of denial of service attack).

0 (default) - typical protection against SYN attacks.
1 - better protection against SYN attacks; this mode uses the advanced threshold values listed below to decide when an attack is in progress.
2 (recommended) - best protection against SYN attacks. This value adds additional delays to connection indications, and TCP connection requests time out quickly when a SYN attack is in progress.

Optional Advanced Values
For extra control you can create the additional DWORD values below in the same key. They are not required for SynAttackProtect to be effective.

TcpMaxHalfOpen - default value is "100"
TcpMaxHalfOpenRetried - default value is "80"
TcpMaxPortsExhausted - default value is "5"
TcpMaxConnectResponseRetransmissions - default value is "3"
Restart Windows for the changes to take effect.

Note: When SynAttackProtect is set to the best protection option (2), scalable windows and the TCP parameters configured on each adapter (including initial RTT and window size) are no longer available.


Settings:
System Key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
Name: SynAttackProtect
Type: REG_DWORD (DWORD Value)
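As an added example (not code from the original page), the PowerShell below applies the recommended SynAttackProtect setting together with the optional values at their documented defaults, then reads the key back so you can confirm what is actually configured. It assumes an elevated prompt and a Windows version whose TCP/IP stack honors these Tcpip\Parameters values (the page does not say which versions do); the function names are mine.

```powershell
# Added example: configure and audit SYN flood protection values.
# Assumes an elevated PowerShell session; values must be tested on the
# Windows version in use, since the page does not state which versions
# honor them.
$Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# SynAttackProtect=2 is the page's recommended setting; the remaining
# entries are the optional advanced values at the defaults the page lists.
$Desired = [ordered]@{
    SynAttackProtect                     = 2
    TcpMaxHalfOpen                       = 100
    TcpMaxHalfOpenRetried                = 80
    TcpMaxPortsExhausted                 = 5
    TcpMaxConnectResponseRetransmissions = 3
}

function Set-SynFloodProtection {
    param([System.Collections.IDictionary]$Values = $Desired)
    foreach ($name in $Values.Keys) {
        $value = [int]$Values[$name]
        # The page documents only 0, 1 and 2 for SynAttackProtect; refuse anything else.
        if ($name -eq 'SynAttackProtect' -and $value -notin 0..2) {
            throw "SynAttackProtect must be 0, 1 or 2 (got $value)"
        }
        # -Force creates the DWORD if it is missing or overwrites it if present.
        New-ItemProperty -Path $Key -Name $name -Value $value `
            -PropertyType DWord -Force | Out-Null
    }
}

function Get-SynFloodProtection {
    # One row per value; Current = $null means the value is absent and the
    # stack falls back to its built-in default for that setting.
    foreach ($name in $Desired.Keys) {
        $prop = Get-ItemProperty -Path $Key -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Name      = $name
            Current   = if ($prop) { $prop.$name } else { $null }
            Expected  = $Desired[$name]
            Compliant = [bool]($prop -and $prop.$name -eq $Desired[$name])
        }
    }
}

Set-SynFloodProtection
Get-SynFloodProtection | Format-Table -AutoSize
# Restart Windows afterwards; TCP reads these values only at startup.
```

Run Get-SynFloodProtection on its own after the reboot to verify the values persisted, or on other hosts to audit them before changing anything.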
