Can try to be on guard through having safe setting to the server above all DDOS attack. If pass pair of server settings to cannot be solved effectively, can consider to buy so fought DDOS firewall (put aegis major class on the ice to fight DDOS to atttack firewall) for example. Actually from operating system angle for, itself has a lot of functions with respect to Tibet, just be to need us more very slowly go digging. If why register a watch through revising below Win2000 environment,I give everybody simple introduction here, enhance a system fight DoS ability. 　

Ask an attention, the following safe setting all undertakes modification through registering a watch, the function of this setting depends on the configuration of the server, especially the processing capability of CPU. Be like according to have safe setting as follows, use two-way to be configured to the server of strong 2.4G, the course checks, can bear the charge volume of about 10 thousand bags.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters]

' shuts the examination of invalid gateway. Installed many gateway when the server, be illogical in the network so free when the system can try join
' the 2nd gateway, through shutting it to be able to optimize a network.
"EnableDeadGWDetect" =dword:00000000

' prohibits answering ICMP to weigh directional message. Possible in order to atttacks this kind of message, so the system should reject to accept ICMP to weigh directional message.
"EnableICMPRedirects" =dword:00000000

' does not allow to release NETBIOS name. When the request that issues name of inquiry server NETBIOS when aggressor, can make the server prohibits answering.
' notices the system must install SP2 above
"NoNameReleaseOnDemand" =dword:00000001

' sends test and verify to hold mobile data bag. How many time comes interval of TCP of this option decision join currently certainly still be in join condition,
' does not establish this value, criterion whether does systematic every other have unused join 2 hours to undertake checking to TCP, setting time is 5 minutes here.
"KeepAliveTime" =dword:000493e0

' prohibits undertaking method of packets of the biggest length detects. This value is 1 when, will detect automatically the size that gives the data package that can transmit,
' can be used improve transmission efficiency, be like occurrence breakdown or safe for the purpose of, establish a value for 0, express to use fixed MTU to be worth 576bytes.
"EnablePMTUDiscovery" =dword:00000000

' starts Syn to atttack protection. Default the value is 0, express not open atttacks protection, the value is 1 and 2 state the Syn that start atttacks protection, set into 2 later
' safe level is higher, to why be being planted the state falls consider as attack, need the TcpMaxHalfOpen below the basis and TcpMaxHalfOpenRetried value
Previous12 Next

Previous:The principle that DDoS atttacks and tool introduce
Next：Defence DDoS is distributed decline a service