AFD.SYS Protections


The following keys specify parameters for the kernel mode driver Afd.sys. Afd.sys is used to support Windows sockets applications. All of the keys and values in this section are located under the registry key HKLM\System\CurrentControlSet\Services\AFD\Parameters . These keys and values are:

  • Value: EnableDynamicBacklog

    Recommended value data: 1

    Valid values: 0 (disabled), 1 (enabled)

    Description: Specifies AFD.SYS functionality to withstand large numbers of SYN_RCVD connections efficiently . For more information, see "Internet Server Unavailable Because of Malicious SYN Attacks," at http://support.microsoft.com/default.aspx?scid=kb;en-us;142641.

  • Value name : MinimumDynamicBacklog

    Recommended value data: 20

    Valid values: 0 “4294967295

    Description: Specifies the minimum number of free connections allowed on a listening endpoint. If the number of free connections drops below this value, a thread is queued to create additional free connections

  • Value name: MaximumDynamicBacklog

    Recommended value data: 20000

    Valid values: 0 “4294967295

    Description: Specifies the maximum total amount of both free connections plus those in the SYN_RCVD state.

  • Value name: DynamicBacklogGrowthDelta

    Recommended value data: 10

    Valid values: 0 “4294967295

    Present by default: No

    Description: Specifies the number of free connections to create when additional connections are necessary.

Use the values summarized in Table 4 for maximum protection.

Table 4: Recommended Values

Value Name

Value (REG_DWORD)

EnableDynamicBacklog

1

MinimumDynamicBacklog

20

MaximumDynamicBacklog

20000

DynamicBacklogGrowthDelta

10




Improving Web Application Security. Threats and Countermeasures
Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net