4

I would like to make sure that my Windows 2008 servers are hardened against DDOS attacks.

There is a Microsoft Technet article on Hardening the TCP/IP stack, but it was last revised in January 2006. There is another article (somewhat duplicative) specifically for Windows Server 2003, but I can't find one for Windows Server 2008.

Does anyone know if these protections are already in place in Windows Server 2008's TCP/IP stack or if they are still relevant?

I found a portion of a book on Safari called Windows Server 2008 TCP/IP Protocols and Services that read:

TCP in Windows Server 2008 and Windows Vista use SYN attack protection to prevent a SYN attack from overwhelming the computer.

and

TCP in Windows Server 2008 and Windows Vista no longer supports the TcpMaxConnectResponseRetransmissions, SynAttackProtect, TcpMaxHalfOpen, and TcpMaxHalfOpenRetried registry values.

...but I can't find a mention of the other registry values nor a second source for this information.

chmeee
Adam Brand

2 Answers

4

They re-wrote the TCP/IP stack in Vista/2008 and included many security-related changes.

You may be interested in reading the "Next Generation TCP/IP Stack" document from Microsoft as it contains links to the new registry settings, enhancements & security protections and others.

Mark Amerine Turner
  • Did you see anything on security? The link you linked to mentioned performance enhancements only (as far as I saw). – Adam Brand Jul 20 '09 at 22:36
1

Check out the DISA / NSA Windows 2008 Server Security and Technical Implementation Guide (STIG) here (Scroll down for Windows guides): DISA IASE Site

The STIG has a number of security tweaks and registry changes designed to harden your network stack (and local machine in general).

Adam