HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

| Data type | Range | Default value |
|---|---|---|
| REG_DWORD | 0x0–0xFFFF | 0x5 |

Description
Determines how many connection requests the system can refuse before TCP/IP initiates SYN flooding attack protection. The system must refuse all connection requests when its reserve of open connection ports runs out. This entry is used only when SYN flooding attack protection is enabled on this server (that is, the value of the SynAttackProtect entry is 1 and the value of the TcpMaxConnectResponseRetransmissions entry is at least 2).
This entry establishes one of three configurable thresholds that, if exceeded, trigger TCP's SYN flooding attack protection feature. Because SYN flooding often consumes all reserved connection ports, TCP interprets an elevated number of connection refusals and a depleted port reserve as a symptom of SYN flooding.
The other two thresholds are:
- The total number of connections in the half-open (SYN-RCVD) state exceeds the value of the TcpMaxHalfOpen entry.
- The number of connections that remain in the half-open (SYN-RCVD) state even after a connection request has been retransmitted exceeds the value of the TcpMaxHalfOpenRetried entry.
Note
If the value of this entry is 0, SYN flooding protection is triggered as soon as the backlog of connection ports is consumed.
Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.
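The following read-only audit is an added example, not part of the original reference or Microsoft's code. It checks whether the prerequisite described above is met and reports the effective refusal threshold alongside the two related thresholds. The entry name `TcpMaxPortsExhausted` is an assumption, since the name is not shown in the text above; the helper `Get-TcpipValue` is hypothetical.

```powershell
# Added example: read-only audit of the SYN flooding protection entries on this page.
$Path        = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$EntryName   = 'TcpMaxPortsExhausted'   # ASSUMPTION: name of the entry documented here
$PageDefault = 0x5                      # default value stated on this page

# Hypothetical helper: returns the value, or $null when the entry is absent.
function Get-TcpipValue {
    param([string]$Name)
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($null -ne $props -and $null -ne $props.PSObject.Properties[$Name]) {
        return $props.$Name
    }
    return $null
}

$synProtect = Get-TcpipValue -Name 'SynAttackProtect'
$retrans    = Get-TcpipValue -Name 'TcpMaxConnectResponseRetransmissions'
$refusals   = Get-TcpipValue -Name $EntryName

# Prerequisite from the page: SynAttackProtect is 1 and
# TcpMaxConnectResponseRetransmissions is at least 2.
$inUse = ($synProtect -eq 1) -and ($null -ne $retrans) -and ($retrans -ge 2)

# An absent entry falls back to the page's default; 0 is a valid explicit setting.
$effective = if ($null -eq $refusals) { $PageDefault } else { $refusals }

$note = if (-not $inUse) {
    'Entry is ignored: SYN flooding attack protection prerequisite is not met.'
} elseif ($effective -lt 0 -or $effective -gt 0xFFFF) {
    'Value is outside the documented range 0x0-0xFFFF.'
} elseif ($effective -eq 0) {
    'Protection triggers as soon as the backlog of connection ports is consumed.'
} else {
    "Protection triggers once connection refusals exceed $effective."
}

[pscustomobject]@{
    SynAttackProtect                     = $synProtect
    TcpMaxConnectResponseRetransmissions = $retrans
    EntryPresentInRegistry               = ($null -ne $refusals)
    EffectiveRefusalThreshold            = $effective
    TcpMaxHalfOpen                       = Get-TcpipValue -Name 'TcpMaxHalfOpen'
    TcpMaxHalfOpenRetried                = Get-TcpipValue -Name 'TcpMaxHalfOpenRetried'
    ThresholdInUse                       = $inUse
    Note                                 = $note
} | Format-List
```

A `$null` in the output means the entry is not set in the registry; the script does not guess defaults for the related entries because this page does not state them.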
Related Entries
SynAttackProtect
TcpMaxConnectResponseRetransmissions
TCPMaxHalfOpen
TCPMaxHalfOpenRetried