We used the newland.exe v0.1 "proof of concept" program to "attack" some of
our Windows 2003 Server boxes. In all cases, the target system's CPU usage
went to 100% and stayed like that for 20-30s after the "attack" stopped.
We were able to prevent the 100% CPU utilization by setting the value of
"SynAttackProtect" to 1 or 2 in the TCP/IP parameters:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
SynAttackProtect = 1 (DWORD)
Target systems: Windows 2003 Server Enterprise and Standard editions (didn't
work in Windows XP SP2).
More info:
http://support.microsoft.com/default...b;en-us;324270
Marcio Vieira
Southeast Missouri State University
Reply With Quote