Hardening the TCP/IP Stack in Windows Against Denial-of-Service Attacks [Repost]

    Technology  2022-05-11

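    You have probably seen, in many other places, how to harden the TCP/IP stack in Windows against denial-of-service attacks by editing the registry, but those write-ups are mostly aimed at Windows 2000. I want to point out that the value that enables SYN attack protection is not the same in Windows 2000 and Windows Server 2003. In Windows 2000, SynAttackProtect is usually set to dword:2 to get the most effective SYN attack protection, whereas in Windows Server 2003 SynAttackProtect accepts only the values 0 and 1, and SYN attack protection is enabled only when it is set to dword:1.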

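    For the differences between them, see the Microsoft Knowledge Base articles:

    HOW TO: Harden the TCP/IP Stack Against Denial of Service Attacks in Windows 2000, and

    HOW TO: Harden the TCP/IP Stack Against Denial of Service Attacks in Windows Server 2003

    For more detailed information on these values, see the Microsoft security guidance article How To: Harden the TCP/IP Stack. Note, however, that some of the key locations described in that article are wrong; for the correct locations, see the two Knowledge Base articles above.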

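    I have created two registry files, one for Windows 2000 and one for Windows Server 2003; importing the appropriate one enables SYN attack protection.

    For Windows 2000 (the file has a .txt extension: right-click it, choose Save Target As, then change the extension to .reg and import it into the registry), or copy the following content and import it into the registry: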

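    ---------------------------------------------------------------------------------

    Windows Registry Editor Version 5.00

    ; dword data is hexadecimal: 1f4 = 500, 190 = 400, 493e0 = 300000, 14 = 20, 4e20 = 20000, a = 10.
    ; DefaultTTL 100 = 256, as given on the page; the IP TTL field is 8 bits, so values above 255 are out of range.
    ; EnableICMPRedirect is a Tcpip parameter and NoNameReleaseOnDemand a Netbt parameter, so they are set under those keys.
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
    "SynAttackProtect"=dword:00000002
    "TcpMaxPortsExhausted"=dword:00000005
    "TcpMaxHalfOpen"=dword:000001f4
    "TcpMaxHalfOpenRetried"=dword:00000190
    "TcpMaxConnectResponseRetransmissions"=dword:00000002
    "TcpMaxDataRetransmissions"=dword:00000002
    "EnablePMTUDiscovery"=dword:00000000
    "KeepAliveTime"=dword:000493e0
    "DefaultTTL"=dword:00000100
    "EnableDeadGWDetect"=dword:00000000
    "DisableIPSourceRouting"=dword:00000001
    "EnableFragmentChecking"=dword:00000001
    "EnableMulticastForwarding"=dword:00000000
    "IPEnableRouter"=dword:00000000
    "EnableAddrMaskReply"=dword:00000000
    "EnableICMPRedirect"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt\Parameters]
    "NoNameReleaseOnDemand"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters]
    "EnableDynamicBacklog"=dword:00000001
    "MinimumDynamicBacklog"=dword:00000014
    "MaximumDynamicBacklog"=dword:00004e20
    "DynamicBacklogGrowthDelta"=dword:0000000a

    ---------------------------------------------------------------------------------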

     

     

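    For Windows Server 2003 (the file has a .txt extension: right-click it, choose Save Target As, then change the extension to .reg and import it into the registry), or copy the following content and import it into the registry: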

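    ---------------------------------------------------------------------------------

    Windows Registry Editor Version 5.00

    ; dword data is hexadecimal: 1f4 = 500, 190 = 400, 493e0 = 300000, 14 = 20, 4e20 = 20000, a = 10.
    ; DefaultTTL 100 = 256, as given on the page; the IP TTL field is 8 bits, so values above 255 are out of range.
    ; EnableICMPRedirect is a Tcpip parameter and NoNameReleaseOnDemand a Netbt parameter, so they are set under those keys.
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
    "SynAttackProtect"=dword:00000001
    "TcpMaxPortsExhausted"=dword:00000005
    "TcpMaxHalfOpen"=dword:000001f4
    "TcpMaxHalfOpenRetried"=dword:00000190
    "TcpMaxConnectResponseRetransmissions"=dword:00000002
    "TcpMaxDataRetransmissions"=dword:00000002
    "EnablePMTUDiscovery"=dword:00000000
    "KeepAliveTime"=dword:000493e0
    "DefaultTTL"=dword:00000100
    "EnableDeadGWDetect"=dword:00000000
    "DisableIPSourceRouting"=dword:00000001
    "EnableFragmentChecking"=dword:00000001
    "EnableMulticastForwarding"=dword:00000000
    "IPEnableRouter"=dword:00000000
    "EnableAddrMaskReply"=dword:00000000
    "EnableICMPRedirect"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt\Parameters]
    "NoNameReleaseOnDemand"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters]
    "EnableDynamicBacklog"=dword:00000001
    "MinimumDynamicBacklog"=dword:00000014
    "MaximumDynamicBacklog"=dword:00004e20
    "DynamicBacklogGrowthDelta"=dword:0000000a

    ---------------------------------------------------------------------------------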
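
    Two things are easy to get wrong when preparing such a file: regedit reads dword data as hexadecimal, and the SynAttackProtect value that enables protection differs between Windows 2000 and Windows Server 2003. The following check is an added example, not part of the original post; the names parse_reg, audit, INTENDED and SYN_PROTECT are hypothetical, and it assumes the figures in the listings are meant as decimal.

```python
import re

# Decimal settings from the page's listings (assumed to be meant as decimal).
INTENDED = {"TcpMaxHalfOpen": 500, "TcpMaxHalfOpenRetried": 400,
            "KeepAliveTime": 300000, "MaximumDynamicBacklog": 20000}
# SynAttackProtect value that enables protection on each system, as the page states.
SYN_PROTECT = {"2000": 2, "2003": 1}

KEY_RE = re.compile(r"\[(.+)\]")
DWORD_RE = re.compile(r'"([^"]+)"=dword:([0-9A-Fa-f]{1,8})')

def parse_reg(text):
    """Return {(key, value_name): int}; dword data in a .reg file is hexadecimal."""
    key, values = None, {}
    for line in map(str.strip, text.splitlines()):
        if m := KEY_RE.fullmatch(line):
            key = m.group(1)
        elif key and (m := DWORD_RE.fullmatch(line)):
            values[(key, m.group(1))] = int(m.group(2), 16)
    return values

def audit(text, os_version):
    """List problems in a hardening .reg file for Windows '2000' or '2003'."""
    findings = []
    for (key, name), value in parse_reg(text).items():
        if "/" in key:
            findings.append(f"{name}: key path uses '/', regedit expects '\\'")
        want = SYN_PROTECT[os_version] if name == "SynAttackProtect" else INTENDED.get(name)
        if want is None or value == want:
            continue
        if value == int(str(want), 16):
            findings.append(f"{name}: decimal {want} written as hex, takes effect as {value}")
        else:
            findings.append(f"{name}: {value}, expected {want} on Windows {os_version}")
    return findings

# Constructed sample: a Windows 2000 value, a decimal-as-hex entry, and a correct entry.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"SynAttackProtect"=dword:00000002
"TcpMaxHalfOpen"=dword:500
"TcpMaxHalfOpenRetried"=dword:00000190
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE, "2003"):
        print(finding)
```

    Run against a file before importing it; an empty result means the checked values match the intended decimal settings for the chosen system.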
