How to protect your Windows server from SYN flood?

(Is your server's network not living up to its potential? Order a server from us with promo code PACKETS for 15% off your first invoice)

SYN flooding attack protection for TCP/IP (SYNAttackProtect) on Windows Server was added as an optional security measure in Windows 2000. In that OS version, network administrators can use a set of registry keys to configure this security feature. With the Windows Server 2003 Service Pack 1 update, however, SYN flooding attack protection was no longer optional: it is enabled by default and cannot be disabled.

  • Windows Server 2003 R2 – SYN flooding attack protection is enabled by default
  • Windows Server 2008 – SYN flooding attack protection is enabled by default, but independent sources also recommend the additional registry settings below to catch spoofed traffic that may slip past SYNAttackProtect:


IMPORTANT

  1. Back up your server and registry settings before you begin with any registry edits.
  2. Test the changes in a non-production environment before you apply them on your production servers.


To begin, open your registry editor and go to this registry path:

HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters

Change the values of the following data to set up the specified rules:

Value Name                             Data Type   Set Value To   Rule
-------------------------------------  ----------  -------------  --------------------------------------------------------------------------------------------
DisableIPSourceRouting                 REG_DWORD   2              Disable IP source-routed packets and stop them from being accepted
IPEnableRouter                         REG_DWORD   0              Disable all IP forwarding between interfaces
SynAttackProtect                       REG_DWORD   3              Enable the SYN flooding attack protection function when three (3) half-open connections are detected
TcpMaxConnectResponseRetransmissions   REG_DWORD   1              Set any SYN/ACK handshake to time out at three (3) seconds and drop the connection at nine (9) seconds
TcpMaxHalfOpen                         REG_DWORD   500            Limit the total number of half-open connections allowed by the system at any given time
TcpMaxHalfOpenRetried                  REG_DWORD   400            Fix the number of half-open connections allowed by the system at any given time
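The following PowerShell script is an added example, not part of the original article: it performs the backup from step 1 of IMPORTANT by exporting the Tcpip\Parameters key, applies the six values from the table above, and reads them back to confirm. The backup folder and file name are assumptions; run it from an elevated prompt and reboot afterwards, since the TCP/IP stack reads these parameters at initialization.

```powershell
# Added example (not from the original article). Requires an elevated PowerShell prompt.
$KeyPath    = 'HKLM:\SYSTEM\CurrentControlSet\services\Tcpip\Parameters'
# Assumed backup location; adjust to your own backup policy.
$BackupFile = "$env:SystemDrive\Backup\Tcpip-Parameters-$(Get-Date -Format yyyyMMdd-HHmmss).reg"

# Values exactly as listed in the table above (all REG_DWORD).
$Settings = [ordered]@{
    DisableIPSourceRouting               = 2    # reject IP source-routed packets
    IPEnableRouter                       = 0    # no IP forwarding between interfaces
    SynAttackProtect                     = 3    # SYN flooding attack protection
    TcpMaxConnectResponseRetransmissions = 1    # SYN/ACK retransmission limit
    TcpMaxHalfOpen                       = 500  # total half-open connections allowed
    TcpMaxHalfOpenRetried                = 400  # half-open connections allowed (see table)
}

# Step 1 of IMPORTANT: export the key before changing anything (reg.exe writes a .reg file).
New-Item -ItemType Directory -Path (Split-Path $BackupFile) -Force | Out-Null
reg.exe export 'HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters' $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Registry export failed; no values were changed." }
Write-Host "Backup written to $BackupFile (restore with: reg.exe import `"$BackupFile`")"

# Apply each value as REG_DWORD, creating it if it does not exist yet, and show old -> new.
foreach ($name in $Settings.Keys) {
    $before = (Get-ItemProperty -Path $KeyPath -Name $name -ErrorAction SilentlyContinue).$name
    $shown  = if ($null -eq $before) { '(unset)' } else { $before }
    Set-ItemProperty -Path $KeyPath -Name $name -Value $Settings[$name] -Type DWord
    Write-Host ("{0,-38} {1,8} -> {2}" -f $name, $shown, $Settings[$name])
}

# Verify: read every value back and flag anything that does not match the table.
$mismatch = foreach ($name in $Settings.Keys) {
    $actual = (Get-ItemProperty -Path $KeyPath -Name $name).$name
    if ($actual -ne $Settings[$name]) { "$name is $actual, expected $($Settings[$name])" }
}
if ($mismatch) { Write-Warning ($mismatch -join "`n") }
else           { Write-Host 'All values match the table. Reboot for the TCP/IP stack to apply them.' }
```

Test on a non-production server first (step 2 of IMPORTANT); the exported .reg file lets you roll the key back with reg.exe import if a setting turns out to be too aggressive for your workload.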


  • Windows Server 2008 R2 – To check whether SYN flooding attack protection is active, capture an Event Trace Log (ETL) of the TCP/IP provider and look for the relevant TCP/IP entries in it. From an elevated command prompt, start the trace with:

     netsh trace start capture=yes provider=Microsoft-Windows-TCPIP level=0x05 tracefile=TCPIP.etl

To stop the ETL trace, run:

     netsh trace stop
