SP 52045: Set the SYN Attack “TcpMaxHalfOpenRetried” parameter in Windows
Symptom: There are many symptoms to a SYN attack. As an example, a client with hostile intent sends as many SYN packets as possible (maybe thousands per second or even much, much more) and instead of using the correct 'from address' in the SYN packet they just make one up. This is called 'address spoofing'.
Resolution: Modify the system registry settings to set the “TcpMaxHalfOpenRetried” setting to 400.
Additional Information: The “TcpMaxHalfOpenRetried” registry entry defines the maximum number of half-open connections, for which the operating system has performed at least one retransmission, before SYN protection begins to operate.
Category:
Security
