
Monday, September 17, 2012

How to combat DoS attacks without any firewall in Windows?


By Prashant Bharadwaj
As you may know, a DoS attack is typically one in which the attacker repeatedly sends SYN packets to you. With a firewall or IPS in place you can be sure of protection. Without a firewall you can still enable protection, and this post explains how.
You have probably heard of the TCP/IP service in Windows. We are going to enable DoS protection by changing a few of its settings.
  1. Run regedit.exe
  2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters registry subkey.
  3. From the Edit menu, select New, DWORD Value.
  4. Enter the name TcpMaxHalfOpen, then press Enter.
  5. Double-click the new value, set it to 100, then click OK.
  6. Enter the name TcpMaxHalfOpenRetried, then press Enter.
  7. Double-click the new value, set it to 80, then click OK.
  8. Enter the name SynAttackProtect, then press Enter.
  9. Double-click the new value, set it to 1, then click OK.
  10. Reboot the machine.
When SynAttackProtect is 0, it offers no protection. A value of 1 delays the connection notification until the three-way handshake started by the received SYN packet is complete. By default, this protection is not invoked until the TcpMaxHalfOpen and TcpMaxHalfOpenRetried values are exceeded. Both values can be changed, and I strongly recommend testing different settings in your environment and then choosing the best ones.
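The registry steps above as a PowerShell script that reports the current state before writing anything; this is an added example, not part of the original post. The `-AuditOnly` switch and the variable names are assumptions of this example, and it assumes an elevated session on a Windows release whose TCP/IP stack reads these values.

```powershell
# Added example: audit and apply the SYN-flood settings from the steps above.
# Save as a .ps1 file and run from an elevated PowerShell prompt.
param([switch]$AuditOnly)   # hypothetical switch: report only, change nothing

$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# Names and values exactly as given in the numbered steps.
$desired = @(
    @{ Name = 'TcpMaxHalfOpen';        Value = 100 },
    @{ Name = 'TcpMaxHalfOpenRetried'; Value = 80  },
    @{ Name = 'SynAttackProtect';      Value = 1   }
)

$changed = $false
$report = foreach ($item in $desired) {
    $name = $item.Name
    $want = $item.Value

    # A value that does not exist yet comes back as $null.
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    if ($null -eq $current)     { $status = 'missing' }
    elseif ($current -eq $want) { $status = 'ok' }
    else                        { $status = 'differs' }

    if ($status -ne 'ok' -and -not $AuditOnly) {
        # -Force creates the DWORD or overwrites an existing one (steps 3 to 9).
        New-ItemProperty -Path $key -Name $name -PropertyType DWord `
            -Value $want -Force -ErrorAction Stop | Out-Null
        $changed = $true
        $status  = "$status, now set"
    }

    New-Object PSObject -Property @{
        Name = $name; Before = $current; Desired = $want; Status = $status
    }
}

$report | Select-Object Name, Before, Desired, Status | Format-Table -AutoSize

if ($changed) {
    # Step 10: the new values take effect only after a restart.
    Write-Warning 'Values written. Reboot the machine to apply them.'
}
```

Run it with `-AuditOnly` first to record the existing values, so they can be restored if the new thresholds turn out to be wrong for your traffic.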
