SP 52048: Set the SYN Attack “TcpMaxConnectResponseRetransmissions” parameter in Windows
Symptom: There are many symptoms to a SYN attack. As an example, a client with hostile intent sends as many SYN packets as possible (maybe thousands per second or even much, much more) and instead of using the correct 'from address' in the SYN packet they just make one up. This is called 'address spoofing'.
Resolution: Modify the system registry settings to set the “TcpMaxConnectResponseRetransmissions” setting.
Additional Information: The “TcpMaxConnectResponseRetransmissions” registry value determines how many times TCP retransmits an unanswered SYN-ACK (connection request acknowledgment). TCP retransmits acknowledgments until they are answered or until this value expires.
Category:
Security
