nukeSyn Flood Attacks? Try this to stop it.

by gotya ~ December 9th, 2009. Filed under: Dev.

Here is a solution i found that does work some in slowing down these syn floods or DDos attacks.  These guys use IRC bot net attacks. Google it if you dont know how they work.  But for all you Server providers i been helping some people on some programs to stop these guys from attacking there servers any longer.

Heres the step by step

Download Now or go to the Downloads section under Servers

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS]
Goto HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows
Under Windows, add a new key called Psched, it may already be there.
Under the key Psched, add a DWORD value named “MaxOutstandingSends” without quotes, of course.
Once you have created the DWORD value named MaxOutstandingSends, right click on it and click modify.
Under value data, put 65535. Under base, Hexadecimal should be chosen.
Here’s a few other registry values/keys to stop DoS/DDoS attacks in the event that you have a weak connection and your system can’t even withstand 65535 connections:
“SYNATTACKPROTECT”=DWORD:00000002
“TCPMAXDATARETRANSMISSIONS”=DWORD:3
“TCPMAXHALFOPEN”=DWORD:64
“TCPMAXHALFOPENRETRIED”=DWORD:50
“TCPMAXPORTSEXHAUSTED”=DWORD:1
“TCPMAXCONNECTRESPONERETRANSMISSIONS”=DWORD:HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS]
Goto HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows
Under Windows, add a new key called Psched, it may already be there.
Under the key Psched, add a DWORD value named “MaxOutstandingSends” without quotes, of course.
Once you have created the DWORD value named MaxOutstandingSends, right click on it and click modify.
Under value data, put 65535. Under base, Hexadecimal should be chosen.
Here’s a few other registry values/keys to stop DoS/DDoS attacks in the event that you have a weak connection and your system can’t even withstand 65535 connections:
“SYNATTACKPROTECT”=DWORD:00000002
“TCPMAXDATARETRANSMISSIONS”=DWORD:3
“TCPMAXHALFOPEN”=DWORD:64
“TCPMAXHALFOPENRETRIED”=DWORD:50
“TCPMAXPORTSEXHAUSTED”=DWORD:1
“TCPMAXCONNECTRESPONERETRANSMISSIONS”=DWORD:2
Share and Enjoy:
  • Print
  • Digg
  • Facebook
  • Google Bookmarks
  • HackerNews
  • Live
  • MySpace
  • Reddit
  • RSS
  • StumbleUpon
  • Twitter
  • Yahoo! Bookmarks
«
»
Subscribe

4 Responses to Syn Flood Attacks? Try this to stop it.

  1. gotyaNo Gravatar
    December 9th, 2009 at 12:13 pm

    Let me know if this works please or helps :)

  2. AussieslyNo Gravatar
    December 9th, 2009 at 12:15 pm

    Have applied this to my servers will update on how this goes soon :-)

  3. nzb searchNo Gravatar
    February 2nd, 2010 at 6:34 pm

    Nice job, just letting you know that for some reason in Firefox 2 your sidebar isn’t displaying correctly. That might just be me though. Great job regardless!

  4. freecandyNo Gravatar
    February 6th, 2010 at 4:27 am

    Thank you, I will look into that.

Leave a Reply