How to Stop a SYN Flood Attack


A SYN flood attack is a type of denial-of-service attack in which the target server is overloaded with TCP connection requests. A TCP request is a stream of information from one computer to another. In normal communication between a client and a server, the client sends a SYN message. The server returns a SYN-ACK message, which acknowledges the request, to the client. The client then returns an ACK message to the server. This is known as a three-way handshake.

A SYN attack is one in which the client sends waves of SYN messages to the server using a spoofed, or fake, IP address. Since the IP address is spoofed, the server's reply is never answered. The server waits for the ACK message from the client and uses resources in the process. Flooding the server with SYN messages causes its resources to dwindle, and the server becomes slow or unresponsive to other clients. The Internet Information Server (IIS) hosts the applications that hackers attempt to infiltrate. Protecting your IIS server from SYN attacks is accomplished by adding settings to the Windows registry.

  • Click the Windows "Start" button and select "Run." Enter "regedit" in the text box and press the "Enter" key. This opens the Windows registry, where you will add the settings.

  • Navigate to the folder "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" in the registry. New values for this key will be added to prevent the server from using resources during a SYN attack.

  • Right-click the "Services" folder, select "New Key" and choose "DWORD" as the value. Enter "SynAttackProtect" for the key name and "2" as the value. This provides the best defense against a SYN attack by making the connection time out more quickly. The "2" represents the amount of time the IIS server will wait before it stops expecting a reply from the client. Ending the wait sooner frees up resources sooner and saves websites from poor performance during SYN attacks. This is the value recommended by Microsoft.

  • Right-click the "Services" folder, select "New Key" and choose "DWORD" for the type. Enter "EnableDeadGWDetect" for the name and "0" for the value. This stops the host from sending traffic to an unintended gateway, which could cause a breach in security.

  • Right-click the "Services" folder, select "New Key" and choose "DWORD" for the type. Enter "EnablePMTUDiscovery" as the name and "0" for the value. This prevents heavy use of resources on the computer, protecting it from memory overload and crashes.

  • Close the registry and reboot the computer for the changes to take effect.
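The registry steps above as a scripted audit, added here as an example and not part of the original article. It assumes the three DWORD values belong under the `Tcpip\Parameters` subkey of the "Services" key named in the steps, which is where the Windows TCP/IP stack reads them; the `-Apply` switch and the `Test-TcpHardening` function name are hypothetical.

```powershell
# Added example: audit (and optionally set) the three values from the steps above.
# Assumption: values are read from the Tcpip\Parameters subkey of Services.
# Run from an elevated prompt when using -Apply.
param([switch]$Apply)

$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# Value names and data exactly as given in the article's steps.
$Desired = [ordered]@{
    SynAttackProtect    = 2
    EnableDeadGWDetect  = 0
    EnablePMTUDiscovery = 0
}

function Test-TcpHardening {
    param([string]$KeyPath, [System.Collections.IDictionary]$Settings)
    # A missing key or value is reported as non-compliant, not as an error.
    $current = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue
    foreach ($name in $Settings.Keys) {
        $prop   = if ($current) { $current.PSObject.Properties[$name] } else { $null }
        $actual = if ($prop) { $prop.Value } else { $null }
        [pscustomobject]@{
            Name      = $name
            Expected  = $Settings[$name]
            Actual    = $actual
            Compliant = ($null -ne $actual -and $actual -eq $Settings[$name])
        }
    }
}

$report = @(Test-TcpHardening -KeyPath $Path -Settings $Desired)

if ($Apply) {
    # Write only the values that differ, then re-read to confirm.
    foreach ($item in $report | Where-Object { -not $_.Compliant }) {
        New-ItemProperty -Path $Path -Name $item.Name -Value $item.Expected `
            -PropertyType DWord -Force | Out-Null
    }
    $report = @(Test-TcpHardening -KeyPath $Path -Settings $Desired)
    Write-Warning 'Reboot the computer for the changes to take effect.'
}

$report | Format-Table -AutoSize
# Non-zero exit code lets a configuration check flag a host that drifted.
if ($report.Compliant -contains $false) { exit 1 }
```

Run without arguments, the script only reads the registry and reports each value, so it can serve as a recurring compliance check.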
