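Hardening Against DoS Attacks

Modify or add the corresponding registry values below (Windows XP, 2000, 2003); remember to back up the registry first.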

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters

EnableICMPRedirect – 0 – Blocks attacks that rely on the host honoring ICMP redirects.

SynAttackProtect – 1 or 2 – Setting the value to 1 turns on SYN/ACK protection once the thresholds in the next two values described below are reached. Setting the value to 2 protects the host from SYN/ACK attacks by timing out open and half-open connections faster.

TCPMaxHalfOpen – 500 – This is the number of half-open connections allowed before SYN flood protection is initiated.

TCPMaxPortsExhausted – 5 – This determines how many connection requests the host can refuse before SYN flood protection is initiated.

TcpMaxDataRetransmissions – 3 – This value determines how many times TCP will retransmit an unacknowledged data segment on an already existing connection.

EnableDeadGWDetect – 0 – This value prevents the host from deciding that the default gateway is dead and switching to a backup gateway listed in the TCP/IP properties of the network adapter.

For Winsock applications

HKLM\System\CurrentControlSet\Services\AFD\Parameters

EnableDynamicBacklog – 1 – Enables the dynamic backlog.

MinimumDynamicBacklog – 20 – Sets the minimum number of free connections to the Winsock endpoints.

MaximumDynamicBacklog – 20,000 – Sets the maximum limit of half-open and free connections to the Winsock endpoints.

DynamicBacklogGrowthDelta – 10 – Sets the number of Winsock endpoints for an allocation pool.
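An added example, not part of the original post: a Python check that reads a registry export (the kind of backup taken before editing) and reports which of the values listed above are absent or differ. The function names and the sample export are constructed for illustration.

```python
import re

TCPIP = r"system\currentcontrolset\services\tcpip\parameters"
AFD = r"system\currentcontrolset\services\afd\parameters"
# Accepted values, taken from the list above (SynAttackProtect may be 1 or 2).
BASELINE = {
    TCPIP: {"EnableICMPRedirect": {0}, "SynAttackProtect": {1, 2},
            "TcpMaxHalfOpen": {500}, "TcpMaxPortsExhausted": {5},
            # Windows reads this value under the plural name.
            "TcpMaxDataRetransmissions": {3}, "EnableDeadGWDetect": {0}},
    AFD: {"EnableDynamicBacklog": {1}, "MinimumDynamicBacklog": {20},
          "MaximumDynamicBacklog": {20000}, "DynamicBacklogGrowthDelta": {10}},
}
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\(.+)\]$", re.I)
VAL_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-f]{8})$', re.I)

def decode_export(raw: bytes) -> str:
    """Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 files are ANSI."""
    return raw.decode("utf-16" if raw.startswith(b"\xff\xfe") else "cp1252", "replace")

def parse_dwords(text: str) -> dict:
    """Map (key path, value name), both lower-cased, to the REG_DWORD value."""
    found, key = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):
            m = KEY_RE.match(line)
            key = m.group(1).lower() if m else None  # ignore other hives
        elif key and (m := VAL_RE.match(line)):
            found[(key, m.group(1).lower())] = int(m.group(2), 16)
    return found

def audit(raw: bytes) -> list:
    """Return (name, actual) per off-baseline value; None = absent, OS default applies."""
    found = parse_dwords(decode_export(raw))
    return [(name, found.get((key, name.lower())))
            for key, values in BASELINE.items() for name, allowed in values.items()
            if found.get((key, name.lower())) not in allowed]

# Constructed sample export, not taken from a real host.
SAMPLE = ("\ufeffWindows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters]\r\n"
    '"EnableICMPRedirect"=dword:00000001\r\n"SynAttackProtect"=dword:00000002\r\n'
    '"TcpMaxHalfOpen"=dword:000001f4\r\n"EnableDeadGWDetect"=dword:00000000\r\n'
    "\r\n[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AFD\\Parameters]\r\n"
    '"EnableDynamicBacklog"=dword:00000001\r\n"MaximumDynamicBacklog"=dword:00004e20\r\n'
    ).encode("utf-16-le")

if __name__ == "__main__":
    print(audit(SAMPLE))
```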
