You can configure various TCP/IP parameters in the Windows registry in order to protect against network-level denial of service attacks including SYN flood attacks, ICMP attacks and SNMP attacks. You can configure registry keys to:
Enable SYN flood protection when an attack is detected .
Set threshold values that are used to determine what constitutes an attack.
This How To shows an administrator which registry keys and which registry values must be configured to protect against network-based denial of service attacks.
Note | These settings modify the way TCP/IP works on your server. The characteristics of your Web server will determine the best thresholds to trigger denial of service countermeasures. Some values may be too restrictive for your client connections. Test this document's recommendations before you deploy to a production server. |