A. Firewall products can help protect your machines from DoS attacks, and you should use a firewall whenever possible. However, Windows 2000 and Windows Server 2003 also have built-in TCP/IP functionality that mitigates SYN flood attacks (a DoS attack that exhausts the server's table of half-open connections) by limiting retries and timing out unanswered SYN requests more quickly. To enable this functionality, perform the following steps:
- Start a registry editor (e.g., regedit.exe).
- Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters registry subkey.
- From the Edit menu, select New, DWORD Value.
- Enter the name SynAttackProtect, then press Enter.
- Double-click the new value, set it to 2, then click OK.
- Close the registry editor.
- Reboot the machine.
The SynAttackProtect default value is 0 (on Windows 2000 and the original release of Windows Server 2003), which offers no protection. A value of 1 reduces the number of SYN-ACK retransmissions and delays the creation of the route cache entry for a connection until the half-open connection thresholds have been exceeded. Those thresholds are two other values under the same key: TcpMaxHalfOpen (the number of connections allowed in the SYN_RECEIVED state) and TcpMaxHalfOpenRetried (the number of connections in the SYN_RECEIVED state for which at least one SYN-ACK retransmission has been sent). When SynAttackProtect has a value of 2, the effect is similar to when the value is set to 1 but also delays the Winsock notification to the listening application until the three-way handshake is complete, so a flood of SYNs never reaches the application's accept queue. Note that Windows Server 2003 SP1 changes the default to 1 and accepts only 0 or 1, and Windows Vista, Windows Server 2008 and later ignore these values entirely because SYN flood protection is built into the rewritten TCP/IP stack. Because Windows invokes the SynAttackProtect value only after the system exceeds the TcpMaxHalfOpen and TcpMaxHalfOpenRetried values, I recommend that you also create the TcpMaxHalfOpen and TcpMaxHalfOpenRetried values under the same registry key (both DWORD values) and set them to 100 and 80, respectively.
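The registry steps above and the three values just described can be applied and verified in one script instead of by hand in regedit. The following PowerShell is an added example, not part of the original answer or any Microsoft tool; it assumes it runs as an administrator on a Windows 2000/2003-era system where these values are honored, and the threshold numbers (2, 100, 80) are the ones the answer recommends, not values verified for any particular workload.

```powershell
#Requires -RunAsAdministrator
# Added example: enable SYN attack protection and the half-open thresholds
# under the TCP/IP parameters key, then read them back for verification.
# Assumption: the recommended values 2 / 100 / 80 from the text are used.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$settings = [ordered]@{
    SynAttackProtect      = 2    # 0 = off, 1 = limit retries/delay route cache, 2 = also delay Winsock notification
    TcpMaxHalfOpen        = 100  # connections allowed in SYN_RECEIVED before protection engages
    TcpMaxHalfOpenRetried = 80   # SYN_RECEIVED connections with at least one SYN-ACK retransmission
}

# Caveat: Windows Server 2003 SP1 only accepts 0 or 1, and Windows Vista /
# Server 2008 (NT 6.0) and later ignore these values entirely, so warn rather
# than silently writing a setting that does nothing.
$os = [Environment]::OSVersion.Version
if ($os.Major -ge 6) {
    Write-Warning "Windows $($os) does not honor SynAttackProtect; the built-in stack protection applies instead."
}

foreach ($name in $settings.Keys) {
    $existing = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $existing) {
        # Value does not exist yet: create it as a REG_DWORD (the type the stack expects)
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $settings[$name] | Out-Null
        Write-Host "Created $name = $($settings[$name])"
    } else {
        Set-ItemProperty -Path $key -Name $name -Value $settings[$name]
        Write-Host "Updated $name = $($settings[$name])"
    }
}

# Read back what is actually stored so the change can be confirmed before rebooting.
Get-ItemProperty -Path $key |
    Select-Object SynAttackProtect, TcpMaxHalfOpen, TcpMaxHalfOpenRetried |
    Format-List

Write-Host 'The TCP/IP driver reads these values at startup; reboot for them to take effect.'
```

Run the script from an elevated PowerShell prompt and then reboot, exactly as in the manual procedure. The read-back at the end is worth keeping in any change you script: a value created with the wrong type (for example REG_SZ instead of REG_DWORD) is silently ignored by the TCP/IP driver, and the verification output makes that visible.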