TcpMaxHalfOpenRetried

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2


HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Data type: REG_DWORD

Range: 0x50 (80)–0xFFFFFFFF

Default value: Windows Server 2003: 0x190 (400); Windows XP Professional: 0x50 (80)

Description

Specifies how many connections the server can maintain in the half-open (SYN-RCVD) state even after a connection request has been retransmitted. If the number of such connections exceeds the value of this entry, TCP/IP initiates SYN flooding attack protection. This entry is used only when SYN flooding attack protection is enabled on this server, that is, when the value of the SynAttackProtect entry is 1 and the value of the TcpMaxConnectResponseRetransmissions entry is at least 2.

This entry establishes one of three configurable thresholds that, if exceeded, trigger TCP's SYN flooding attack protection feature. Because SYN flooding often results in many half-open connections, TCP interprets an elevated number of half-open connections as a symptom of SYN flooding.

The other two thresholds are:

  • The total number of connections in the half-open (SYN-RCVD) state exceeds the value of the TcpMaxHalfOpen entry.

  • The number of connection requests that the system refuses exceeds the value of the TcpMaxPortsExhausted entry. The system must refuse all connection requests when its reserve of open connection ports runs out.

Notes

  • The value of this entry should be less than the value of the TcpMaxHalfOpen entry.

  • Windows Server 2003 does not add this entry to the registry. You can add it by using the registry editor Regedit.exe.
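
The following PowerShell audit is an added example, not code from Microsoft or from the original page. It checks the conditions this page states: the two preconditions for the entry to be used, the documented minimum, and the relationship to TcpMaxHalfOpen. It assumes PowerShell is available on the server; Get-TcpipDword is a hypothetical helper name.

```powershell
# Added example, not Microsoft's code. Get-TcpipDword is a hypothetical helper.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

function Get-TcpipDword([string]$Name) {
    # Returns the entry as a non-negative Int64, or $null when the entry is absent.
    $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    $n = [int64]$item.$Name
    # A DWORD above 0x7FFFFFFF may surface as a negative Int32; map it back.
    if ($n -lt 0) { $n += 4294967296 }
    return $n
}

$protect  = Get-TcpipDword 'SynAttackProtect'
$retrans  = Get-TcpipDword 'TcpMaxConnectResponseRetransmissions'
$retried  = Get-TcpipDword 'TcpMaxHalfOpenRetried'
$halfOpen = Get-TcpipDword 'TcpMaxHalfOpen'
$notes = @()

# The threshold is consulted only when SynAttackProtect is 1 ...
if ($null -eq $protect) {
    $notes += 'SynAttackProtect is absent; cannot confirm that protection is enabled.'
} elseif ($protect -ne 1) {
    $notes += "SynAttackProtect is $protect, not 1; TcpMaxHalfOpenRetried is not used."
}
# ... and TcpMaxConnectResponseRetransmissions is at least 2.
if ($null -eq $retrans) {
    $notes += 'TcpMaxConnectResponseRetransmissions is absent; cannot confirm it is at least 2.'
} elseif ($retrans -lt 2) {
    $notes += "TcpMaxConnectResponseRetransmissions is $retrans; it must be at least 2."
}
# Windows Server 2003 does not create the entry, so absence means the default applies.
if ($null -eq $retried) {
    $notes += 'TcpMaxHalfOpenRetried is absent; the default applies (400 on Windows Server 2003).'
} else {
    if ($retried -lt 0x50) {
        $notes += "TcpMaxHalfOpenRetried is $retried, below the documented minimum of 0x50 (80)."
    }
    # Note on this page: the value should be less than TcpMaxHalfOpen.
    if ($null -ne $halfOpen -and $retried -ge $halfOpen) {
        $notes += "TcpMaxHalfOpenRetried ($retried) is not less than TcpMaxHalfOpen ($halfOpen)."
    }
}

if ($notes.Count -eq 0) { 'All documented conditions hold.' } else { $notes }
```

The script only reads the registry. When TcpMaxHalfOpen is absent, the comparison is skipped because this page does not state that entry's default.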

See Also

Concepts

SynAttackProtect
TcpMaxHalfOpen