You need to edit and create values in regedit to limit the time a connection stays open before it is dropped. I'll explain how to drop the connection instead of keeping it open for a longer time:
* First of all, you'll need to run 'regedit'; you can use Run to open it up!
* Once the registry editor is open, you'll need to navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services (This is in the dropdown section - Image shown below)
* Then you have to right-click on the Services folder, select New Key and choose DWORD, and for the name, call it SynAttackProtect and give it the value 2
- Setting this to 2 will time out the connection faster, and it'll drop the connection instead of keeping the connection open [Server -> User] for a long time.
* Do the same step as above, but this time the name will be EnableDeadGWDetect and the value will be 0. This will disable the host from sending traffic to an unintended gateway.
* You will also need to repeat the process as above, but yet again you'll need to make a new one under the name EnablePMTUDiscovery and give it a value of 0. This disables the use of high amounts of resources used on the server, and it will help stop memory overload and crashes.
Once you've done that, you can now close regedit, and you can then reboot your server, and this will stop/slow down SYN attacks!
This tutorial was written by me, with research from Google
I'll make a video for you guys soon!
This is also tested, and works!
A SYN attack is where an attacker basically connects to your server, and your server receives this connection, but before the server can reply back to the connector (attacker) they change their IP; this can be done in the programs they use. Keep in mind that the sender has now changed their IP, and the server won't be able to reach the sender. Because the IP's been changed, the server is still trying to connect and receive information from your computer/IP, and this connection stays open for a while until it stops. When the attacker has programs to automatically do this, they can send and change their IP multiple times, and it's still flooding your server until it goes under a SYN attack. By using my tutorial, this will reduce the time that the connection from the sender is open for, and it will reduce SYN floods and help stop attackers.
This has indeed been tested, and it does actually work!
Another thing is that SYN floods are also undetectable by normal Anti-DoS firewalls, like KiwiGuard, and connection viewers, like Peerblock, because the IP of the attacker changes for each SYN sent to your server.
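A read-only PowerShell check for the three values the tutorial sets, added here as an example and not part of the original post. It looks both at the key named in the post and at the `Tcpip\Parameters` subkey, where Microsoft's TCP/IP hardening guidance documents these values; the function name `Get-SynHardeningState` is hypothetical.

```powershell
# Added example (not from the original post): audit only, nothing is written.
# Expected values are the ones given in the tutorial.
$expected = [ordered]@{
    SynAttackProtect    = 2
    EnableDeadGWDetect  = 0
    EnablePMTUDiscovery = 0
}

$paths = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services',                  # key named in the post
    'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'  # TCP/IP stack parameters key
)

# Hypothetical helper: one result row per (key, value name) pair.
function Get-SynHardeningState {
    param(
        [string[]]$KeyPaths,
        [System.Collections.IDictionary]$Expected
    )
    foreach ($key in $KeyPaths) {
        # $null if the key does not exist or cannot be read
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        foreach ($name in $Expected.Keys) {
            $actual = $null
            if ($props -and $props.PSObject.Properties[$name]) {
                $actual = $props.PSObject.Properties[$name].Value
            }
            # Test for $null first: a configured value of 0 is valid, not "missing".
            if ($null -eq $actual) {
                $status = 'Missing'
            } elseif ($actual -eq $Expected[$name]) {
                $status = 'OK'
            } else {
                $status = 'Mismatch'
            }
            [pscustomobject]@{
                Key      = $key
                Name     = $name
                Expected = $Expected[$name]
                Actual   = $actual
                Status   = $status
            }
        }
    }
}

Get-SynHardeningState -KeyPaths $paths -Expected $expected | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt after the reboot the tutorial calls for, so the report reflects the values the TCP/IP stack actually loaded.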