Microsoft Windows Security - Protect Windows Systems Against SYN Flood Attacks

A SYN flood is a type of Denial of Service (DoS) attack that overwhelms a server by sending it repeated synchronization (SYN) packets, usually with forged (spoofed) source IP addresses. A SYN packet normally opens a TCP connection as the first step of the TCP three-way handshake. The server records each SYN it receives in its connection table and waits for the handshake to complete; attackers exploit this by never completing it. Once the server's connection table is full, legitimate users can no longer connect.

A common defense against SYN floods is to decrease the timeout so that connection responses time out more quickly. You can configure Windows 2000/XP computers to do this by creating a new registry setting, as follows:

  1. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters.
  2. Create a REG_DWORD value called SynAttackProtect.
  3. Set the value data field to 2 for best protection against SYN flood attacks.
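
Why a shorter timeout helps, shown as an added simulation (not Windows code and not part of the original page): a fixed-size half-open connection table receives spoofed SYNs that never complete the handshake, and one legitimate client tries to connect each second. The table size, SYN rate and timeout values are constructed assumptions, and the model assumes a legitimate handshake completes immediately.

```python
"""Toy model of a server's half-open connection table under a SYN flood.

Added illustration, not Windows code. Table size, SYN rate and timeouts
are constructed values chosen only to show the effect of the timeout.
"""
from collections import deque


def simulate(table_size, spoofed_syn_per_sec, timeout_sec, duration_sec):
    """Return (legit_accepted, legit_refused, peak_half_open).

    Each spoofed SYN never completes the handshake, so it holds a slot
    until its timeout expires. One legitimate client connects per second,
    is refused when the table is full, and otherwise completes at once.
    """
    expiries = deque()  # expiry times of half-open entries, oldest first
    accepted = refused = peak = 0
    for now in range(duration_sec):
        # Reap entries whose timeout has elapsed.
        while expiries and expiries[0] <= now:
            expiries.popleft()
        # Spoofed SYNs take whatever free slots remain.
        free = table_size - len(expiries)
        expiries.extend([now + timeout_sec] * min(spoofed_syn_per_sec, free))
        peak = max(peak, len(expiries))
        # The legitimate client needs one free slot for its own SYN.
        if len(expiries) < table_size:
            accepted += 1
        else:
            refused += 1
    return accepted, refused, peak


def longest_safe_timeout(table_size, spoofed_syn_per_sec, duration_sec, candidates):
    """Longest candidate timeout under which no legitimate client is refused."""
    safe = [t for t in candidates
            if simulate(table_size, spoofed_syn_per_sec, t, duration_sec)[1] == 0]
    return max(safe) if safe else None


if __name__ == "__main__":
    for timeout in (75, 20, 5):  # seconds, constructed values
        ok, lost, peak = simulate(1000, 100, timeout, 120)
        print(f"timeout={timeout:>2}s accepted={ok:>3} refused={lost:>3} peak={peak}")
    print("longest safe timeout:", longest_safe_timeout(1000, 100, 120, range(1, 76)))
```

In this model the table stays below capacity only while the SYN rate multiplied by the timeout is smaller than the table size, which is why shortening the timeout restores service without enlarging the table.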
