« Home

Think Twice »Cyber Crime Officially More Lucrative than Drug Tr... »Google's AdSense Algorithm »Exploiting Macromedia Flash »Byzantine Owns Jack Thompson »Ethical Malicious Hacking »Owning A Continent, Penetrating Testing with Google »Hacking Gallery v2.4, Zoomblog, XMB and ibProArcade »Wireless Theft »Efficient and Optimized C code » 

Windows 2000/2003 SYN DoS Attack Protection

Published 12.06.2005 by jm | E-mail this post

E-mail this post



Remember me (?)



All personal information that you provide here will be governed by the Privacy Policy of Blogger.com. More...


By attacking Microsoft Windows 2000 and 2003 with SYN flood, attackers can cause a DoS on the system.

On Windows 2000 and 2003 the system administrator can enable a SYN Attack protection mechanism on the TCP/IP by adding the value SynAttackProtect in the registry key HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters.
If the value of SynAttackProtect is 2 the TCP/IP stack notifies a listening socket only when the 3-way handshake has been completed and tracks the ongoing 3-way handshakes by storing them in an hash table. This way the backlog of the socket is defended from the SYN floods attacks.

The vulnerability resides in the hash table management, in fact the hash function used by the TCP/IP stack works only on some fields of the incoming SYN packet and is thus predictable. An attacker can generate a large number of SYN packets with the same hash value to target the same hash table bucket. When the victim machine receives them, it stores them in just one bucket of the hash table. The chain attached to this bucket keeps growing, and the more it grows, the slower the lookup algorithm becomes.

thanks to Luigi Mori at Symbolic.it

    If the human body was never exposed to ailments, it would be impressivly vulnerable to the slightest cold. If our country was never exposed to hacking, it would be oppressivly vulnerable to cyber terrorism. With out the creation of a malicious hacking, Afganistan could have destroyed America's economy with a ping flood. This is why I encourange maclicious hacking, as an ethical practice. Without strengthening our defenses, we are weak. This site is focused on security through knowledge. I detest the fact that so many companies are being exploited because malicious hackers know their security holes before they do. For that reason, I hope to educate where the exploits lay. This isn't a 100% information base, as I only publish things I have been able to implement on myself. No credit is needed anywhere . However if you are a publisher, I would appriciate credit. I am an advocate of open source, so copy and paste and call it your own if you like. If my work is good enough for you to plagerize then that is my biggest compliment . If my work is good enough, I will be approached and asked to write more ... this is natural selection of the digital age .

Previous hacks

Previous Hacks



    This link kills spam


    spam IP addresses


    These are sites I block at my firewall.

    cdn2.gms1.net
    gms1.net
    servedby.advertising.com
    advertising.com
    a.tribalfusion.com
    tribalfusion.com
    pimpslord.com
    altfarm.mediaplex.com
    mediaplex.com
    ad.yeildmanager.com
    yeildmanager.com
    doubleclick.net
    isg32.casalemedia.com
    casalemedia.com

    Cost of the War in Iraq
    (JavaScript Error)

Two very recommended books:


. . The only hacking forum I have found worth mentioning here