Quick Tip: Protect against DoS attacks in Win2K

One of the favorite tricks that hackers like to use to take down a targeted system is to flood it with traffic, which results in a Denial of Service (DoS). Here are some registry edits that you can use to defend Win2K systems against DoS attacks.

This tip was originally published in TechRepublic's Windows 2000 e-newsletter.


Denial of service (DoS) attacks are one of the most common methods hackers use to disable a system or, at the very least, severely impact its performance. Computers that sit behind a firewall are generally protected from most DoS attacks, but computers connected directly to the Internet are much more susceptible to these attacks.

Solution
There are a handful of registry settings you can apply to a Windows 2000 computer in order to harden it against DoS attacks. The options listed below are all DWORD values that reside in the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

  • SynAttackProtect: This setting protects against a SYN flood attack. Set to a value of 0, 1, or 2 for increasing levels of protection. The higher the value, the more delay Windows adds before it completes half-open connection attempts, so under load some legitimate TCP connections may time out.
  • EnableDeadGWDetect: Set to 0 to prevent the computer from switching to a different gateway, which could otherwise occur if a DoS attack is in progress. A value of 1 allows the gateway switch.
  • EnablePMTUDiscovery: Set to 0 to prevent a hacker from forcing an MTU change to a small value and bogging down the TCP/IP protocol stack. Windows uses an MTU value of 576 bytes for all non-local connections with this setting at 0. Set to 1 to allow MTU discovery.
  • KeepAliveTime: Set this value (in milliseconds) to a relatively low number to shorten the idle interval after which Windows sends a keep-alive packet to a remote computer to determine whether the connection is still valid. Microsoft recommends a value of 300,000, or five minutes.

Also, set the following registry value to 1 to prevent the computer from releasing its NetBIOS name when it receives a name-release request:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand
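The five settings above are easiest to manage as one audit-and-apply script rather than five separate registry edits. The script below is an added example and is not part of the original TechRepublic tip. Windows 2000 itself shipped without PowerShell, so on a Win2K host the same values would be entered through regedit or a .reg file; the script assumes a host that has PowerShell and reg.exe, and the parameter names, the backup directory and the output format are assumptions of the example. The value names, keys and numbers are exactly those given in the tip; running without -Apply only reports drift, and with -Apply it exports each key to a .reg backup before touching it, as the backup note below recommends.

```powershell
# Added example: audit (and optionally apply) the DoS-hardening registry values
# described in the tip. Run as Administrator. Without -Apply nothing is changed.
param(
    [switch]$Apply,
    # Assumed backup location; any writable directory works.
    [string]$BackupDir = "$env:SystemRoot\Temp\tcpip-hardening-backup"
)

$tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$netbt = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters'

# Desired DWORD values, taken from the tip. SynAttackProtect=2 is the
# strongest of the three levels the tip lists.
$desired = @(
    @{ Path = $tcpip; Name = 'SynAttackProtect';      Value = 2 }
    @{ Path = $tcpip; Name = 'EnableDeadGWDetect';    Value = 0 }
    @{ Path = $tcpip; Name = 'EnablePMTUDiscovery';   Value = 0 }
    @{ Path = $tcpip; Name = 'KeepAliveTime';         Value = 300000 }
    @{ Path = $netbt; Name = 'NoNameReleaseOnDemand'; Value = 1 }
)

function Get-CurrentValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the value does not exist yet; Windows then uses its
    # built-in default, which is not the hardened value for any of these.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Backup-Key {
    param([string]$Path, [string]$Dir)
    # reg.exe wants the HKLM\... spelling rather than the PowerShell drive form.
    $native = $Path -replace '^HKLM:\\', 'HKLM\'
    $file = Join-Path $Dir (($native -replace '[\\:]', '_') + '.reg')
    New-Item -ItemType Directory -Path $Dir -Force | Out-Null
    & reg.exe export $native $file /y | Out-Null
    return $file
}

$backedUp = @{}   # key path -> backup file, so each key is exported once

foreach ($setting in $desired) {
    $current = Get-CurrentValue -Path $setting.Path -Name $setting.Name
    $state = if ($null -eq $current) { 'NOT SET (OS default)' }
             elseif ($current -eq $setting.Value) { 'OK' }
             else { "DRIFT (currently $current)" }
    '{0,-22} want {1,-7} {2}' -f $setting.Name, $setting.Value, $state

    if ($Apply -and ($current -ne $setting.Value)) {
        if (-not $backedUp.ContainsKey($setting.Path)) {
            $backedUp[$setting.Path] = Backup-Key -Path $setting.Path -Dir $BackupDir
            "  backed up $($setting.Path) to $($backedUp[$setting.Path])"
        }
        # New-ItemProperty -Force creates the value or overwrites an existing one.
        New-ItemProperty -Path $setting.Path -Name $setting.Name `
            -Value $setting.Value -PropertyType DWord -Force | Out-Null
        "  set $($setting.Name) = $($setting.Value)"
    }
}

if ($Apply) { 'Changes to these TCP/IP parameters take effect after a reboot.' }
```

Run it first without -Apply on a few machines to see which values are already set; a value reported as NOT SET is running on the OS default, which for all five of these is the less restrictive behaviour. Re-running with -Apply then changes only the values that differ, and the .reg files it writes can be re-imported with reg.exe to back out a change that causes legitimate connections to time out.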


Note
Editing the registry can be risky, so be sure you have a verified backup before making any changes.
