SP 52044: Set the SYN Attack “TcpMaxHalfOpen” parameter in Windows
Symptom: There are many symptoms to a SYN attack. As an example, a client with hostile intent sends as many SYN packets as possible (maybe thousands per second or even much, much more) and instead of using the correct 'from address' in the SYN packet they just make one up. This is called 'address spoofing'.
Resolution: Modify the system registry settings to set the “TcpMaxHalfOpen” setting to 500.
Additional Information: The “TcpMaxHalfOpen” registry entry defines the maximum number of SYN RECEIVED states which can be handled concurrently before SYN protection starts working.
Category:
Security
