Denial of service (DoS) attacks

Denial of service (DoS) attacks are one of the most common methods hackers use to disable a system or, at the very least, to severely impact its performance. Computers that sit behind a firewall are generally protected from most DoS attacks, but computers connected directly to the Internet are much more susceptible to these attacks.

There are a handful of registry settings you can apply to a Windows 2000 computer in order to harden it against DoS attacks, including these:

SynAttackProtect: This setting protects against a SYN flood attack. Set to a value of 0, 1, or 2 for increasing levels of protection. The higher the value, the more delay Windows adds to connection attempts, causing TCP connection timeouts.

EnableDeadGWDetect: Set to 0 to prevent the computer from switching to a different gateway, which could otherwise occur if a DoS attack is in progress. A value of 1 allows the gateway switch.

EnablePMTUDiscovery: Set to 0 to prevent a hacker from forcing an MTU change to a small value and bogging down the TCP/IP protocol stack. Windows uses an MTU value of 576 bytes for all nonlocal connections with this setting at 0. Set to 1 to allow MTU discovery.

KeepAliveTime: Set this value (in milliseconds) to a relatively low number to shorten the time Windows waits before sending a keep-alive packet to a remote computer to determine if the connection is still valid. Microsoft recommends a value of 300,000, or five minutes.

All of these DWORD values reside in the registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\

Also, set the following registry key to a value of 1 to prevent the computer from releasing its NetBIOS name when it receives a name-release request:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\

Note: Editing the registry can be risky, so be sure you have a verified backup before making any
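To check a machine against the four Tcpip settings above without touching its registry, the following added example (not code from the original page) audits the text of a regedit export. Assumptions: the function names, the `Parameters` subkey in the constructed sample, treating a `SynAttackProtect` of 0 or an unset value as not hardened, and accepting any `KeepAliveTime` up to the recommended 300,000 ms.

```python
import re

# Key prefix as printed on the page; any exported section under it is audited.
TCPIP_KEY = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\"

POLICY = {  # value name -> (check, what the page recommends)
    "SynAttackProtect": (lambda v: v in (1, 2), "1 or 2 (0 is the lowest level)"),
    "EnableDeadGWDetect": (lambda v: v == 0, "0 (no gateway switch)"),
    "EnablePMTUDiscovery": (lambda v: v == 0, "0 (576-byte MTU, nonlocal)"),
    "KeepAliveTime": (lambda v: 0 < v <= 300000, "at most 300,000 ms"),
}

SECTION = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

def parse_reg_dwords(text):
    """Return {value_name: int} for DWORDs in sections under TCPIP_KEY."""
    values, in_scope = {}, False
    for line in map(str.strip, text.splitlines()):
        m = SECTION.match(line)
        if m:
            in_scope = (m.group(1) + "\\").lower().startswith(TCPIP_KEY.lower())
            continue
        m = DWORD.match(line)
        if m and in_scope:
            values[m.group(1)] = int(m.group(2), 16)  # .reg stores DWORDs as hex
    return values

def audit(text):
    """Return (name, found, expected) for each setting that is unset or off-policy."""
    found = {k.lower(): v for k, v in parse_reg_dwords(text).items()}
    findings = []
    for name, (ok, expected) in POLICY.items():
        value = found.get(name.lower())  # registry value names are case-insensitive
        if value is None or not ok(value):
            findings.append((name, value, expected))
    return findings

# Constructed sample export (not from the page); the Parameters subkey is an assumption.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"SynAttackProtect"=dword:00000002
"EnableDeadGWDetect"=dword:00000001
"KeepAliveTime"=dword:006ddd00
'''

if __name__ == "__main__":
    for name, value, expected in audit(SAMPLE):
        print(f"{name}: found {value}, page recommends {expected}")
```

Pass the function decoded text; an export saved as Unicode must be read with the matching encoding before it is audited.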