Re: Syn Attacks: Metabase entries (w3svc/ServerListenBacklog) & Backlog parameters

From: Ray Secrest (res0cu5i@verizon@net)
Date: 12/03/02


From: "Ray Secrest" <res0cu5i@verizon@net>
Date: Tue, 3 Dec 2002 08:44:23 -0500


Can you recommend some additional reading material for the terms mentioned?
Are these general terms (different vendors use the same terms to describe
the same parameter) that are covered in the RFCs? Should I start looking
at the TCP/IP Illustrated encyclopedia?
Thanks
Ray

"Karl Levinson [x y] mvp" <levinson_k@excite.com> wrote in message
news:e7jg3$kmCHA.1604@TK2MSFTNGP08...
> Your ISP may also be able to assist here. Also a good commercial firewall
> with Syn flood protection [netscreen.com 5xp starts at $500, Checkpoint,
> Intrusion.com, Nortel Contivity switch, Cisco, etc.]
>
> http://securityadmin.info/faq.htm#firewall
>
>
> "Ray Secrest" <res0cu5i@verizon@net> wrote in message
> news:OcevrBkmCHA.2224@tkmsftngp02...
> > We are experiencing a large number of tcp connections (1500+) on our
> > IIS 5 Web servers (SP2, SRP-1 & IIS Cumulative patch + many, many hot
> > fixes) and the servers will lock up. Our IDS has reported this as either
> > a broken network (the source originates outside our network) or a
> > SynAttack. The IP stack has been hardened as follows:
> > Tcpip/Parameters/SynAttackProtect 2
> > Tcpip/Parameters/TcpMaxHalfOpen 100
> > Tcpip/Parameters/TcpMaxHalfOpenRetried 80
> >
> > I was reviewing a few KB articles (Security Considerations for Network
> > Attacks & Q142641). While reading these I was trying to fully understand
> > some terms mentioned but I couldn't find them on TechNet or in Win2k
> > Server ResKit. What are the Backlog parameters, are they configurable and
> > what are the recommended settings? Is this related to the Metabase setting
> > W3svc/ServerListenBacklog (which is set to 1000)? The
> > W3svc/MaxEndPointConnections has been modified to 500 also.
> > Q142641 lists some parameters for WinNT 3.51 & NT4. Is it advisable to
> > use these on Win2k (heading in KB lists Win2k as applicable but Win2k is
> > not listed in body of article)?
> > Is there additional reading for these parameters (other than the RFCs)?
> > Thanks
> > Ray
> >
> >
>
>


