Denial of Service (DoS) attacks keep Web servers or the network busy processing improperly formed request packets. Some DoS attacks cause servers to shut down by exploiting a known bug in the server software. Here's a description of the most common DoS attacks. Not all of these fixes have been tested, so use them at your own risk.

A Smurf attack is a network-based attack that Windows NT cannot avoid. Instead, your Internet Service Provider (ISP) handles this attack through router filtering.

A SYN attack occurs when a hacker sends packets to a Web server, often with bogus source addresses. These packets cause the server to allocate resources for connections that are not real, which affects server performance. Running the NETSTAT program we described in Remote Web Administration, Part 1 helps you detect a SYN attack. Configuring the Registry as described in Microsoft's Support Online article "Internet Server Unavailable Because of Malicious SYN Attacks" (http://support.microsoft.com/support/kb/articles/q142/6/41.asp) controls this attack.

The Land attack is a variation of the SYN attack. The source address is spoofed to be the same as the destination address. Microsoft's Support Online article "Windows NT Slows Down Because of Land Attack" (http://support.microsoft.com/support/kb/articles/q165/0/05.asp) describes the fix for a Land attack.

The Out-of-Bound (OOB) data attack exploits a bug in the TCP/IP stack. Microsoft's Support Online article "Stop 0A in Tcpip.sys When Receiving Out Of Band (OOB) Data" (http://support.microsoft.com/support/kb/articles/q143/4/78.asp) explains the problem and its hotfix.

The Ping O' Death and Teardrop attacks are two examples from a class of attacks. These attacks send malformed packets or packets with misleading header information to a server. You can find descriptions of these attacks and their fixes in Microsoft's Support Online articles "Invalid ICMP Datagram Fragments Hang Windows NT, Windows 95" (http://support.microsoft.com/support/kb/articles/q154/1/74.asp) and "STOP 0x0000000A or 0x00000019 Due to Modified Teardrop Attack" (http://support.microsoft.com/support/kb/articles/q179/1/29.asp).

The Internet Information Server (IIS) URL-length bug is a buffer problem in IIS that causes IIS to crash when it receives a URL that is 4KB to 8KB in length. Microsoft's Support Online article "IIS Services Stop with Large Client Requests" (http://support.microsoft.com/support/kb/articles/q143/4/84.asp) explains this attack and its NT hotfix.