Resisting DDoS attacks by modifying the registry

Source: Internet
Author: User
Tags: anonymous

I won't go into the damage DDoS causes here, but we can reduce that damage by modifying the registry.

1) Set the time to live (TTL)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

DefaultTTL REG_DWORD 0-0xff (0-255 decimal, default 128)

Note: Specifies the default time to live (TTL) value set in outgoing IP packets. The TTL determines the maximum time an IP packet can survive on the network before reaching its destination. In practice it limits the number of routers the IP packet is allowed to pass through before it is discarded. This value is sometimes used to fingerprint a remote host's operating system. I recommend setting it to 1, because this is the time to live for ICMP packets. The smaller the value, the harder it is for someone to DDoS you with PING: with 1M of bandwidth they would usually need more than 100 compromised machines. Without the change, twenty or so are enough.

2) Prevent attacks using ICMP redirect messages

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

EnableICMPRedirects REG_DWORD 0x0 (default 0x1)

Note: This parameter controls whether Windows 2000 changes its routing table in response to ICMP redirect messages sent to it by a network device such as a router. This behavior is sometimes abused. The default in Win2000 is 1, meaning it responds to ICMP redirect messages.

3) Disable responses to ICMP router advertisement messages

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\interface

PerformRouterDiscovery REG_DWORD 0x0 (default 0x2)

Note: The "ICMP router advertisement" feature can be used to disrupt other computers' network connections, to eavesdrop on data, and to use a computer for traffic attacks, among other serious consequences. This problem has caused large-scale, long-lasting network anomalies on campus LANs. Disabling responses to ICMP router advertisement messages is therefore recommended. The default in Win2000 is 2, meaning the feature is enabled when DHCP sends the router discovery option.

4) Prevent SYN flood attacks

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

SynAttackProtect REG_DWORD 0x2 (default 0x0)

Note: SYN attack protection involves reducing the number of SYN-ACK retransmissions, which reduces the time for which resources have to remain allocated. The allocation of route cache entry resources is delayed until the connection is established. With SynAttackProtect=2, the connection indication to AFD is delayed until the three-way handshake has completed. Note that the protection mechanism only takes action when the TcpMaxHalfOpen and TcpMaxHalfOpenRetried settings are exceeded.

5) Disable the default C$ and D$ shares

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

AutoShareServer REG_DWORD 0x0

6) Disable the default admin$ share

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

AutoShareWks REG_DWORD 0x0

7) Restrict the default ipc$ share

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

RestrictAnonymous REG_DWORD

0x0 Default

0x1 Anonymous users cannot enumerate the local user list

0x2 Anonymous users cannot connect to the local ipc$ share

Note: Using 2 is not recommended, because some of your services, such as SQL Server, may then fail to start.

8) Disable IGMP support

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

IGMPLevel REG_DWORD 0x0 (default 0x2)

Note: Win9x had a bug that let someone use IGMP to blue-screen another machine, and it could be fixed by modifying the registry. Win2000 does not have this bug, but IGMP is not necessary, so it can be turned off. After changing the value to 0, route print no longer shows the annoying 224.0.0.0 entry.

9) Set the ARP cache aging time

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

ArpCacheLife REG_DWORD 0-0xffffffff (number of seconds, default 120 seconds)

ArpCacheMinReferencedLife REG_DWORD 0-0xffffffff (number of seconds, default 600)

Note: If ArpCacheLife is greater than or equal to ArpCacheMinReferencedLife, both referenced and unreferenced ARP cache entries expire after ArpCacheLife seconds. If ArpCacheLife is less than ArpCacheMinReferencedLife, unreferenced entries expire after ArpCacheLife seconds and referenced entries expire after ArpCacheMinReferencedLife seconds. An entry in the ARP cache is referenced each time an outbound packet is sent to the IP address of that entry.

10) Disable dead gateway detection

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

EnableDeadGWDetect REG_DWORD 0x0 (default 0x1)

Note: If you have configured multiple gateways, your machine will automatically switch to a backup gateway when it has difficulty handling multiple connections. Sometimes this is not a good idea, so disabling dead gateway detection is recommended.

11) Disable the routing function

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

IPEnableRouter REG_DWORD 0x0 (default 0x0)

Note: Setting the value to 0x1 gives Win2000 routing capability, which causes unnecessary problems.

12) Raise the maximum external port number used for translation when doing NAT

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

MaxUserPort REG_DWORD 5000-65534 (decimal) (default 0x1388, which is 5000 decimal)

Note: When an application requests an available user port from the system, this parameter controls the maximum port number used. Normally, ephemeral ports are allocated in the range 1024-5000. When this parameter is set outside the valid range, the nearest valid value (5000 or 65534) is used. When using NAT, raising the value somewhat is recommended.

13) Change the MAC address

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class

Locate the key that is described as "Nic" in the right-hand pane.

For example, {4d36e972-e325-11ce-bfc1-08002be10318}

Open it. Under its 0000, 0001, 0002 ... subkeys, find the "DriverDesc" value that belongs to your network card; for example, the value of "DriverDesc" might be "Intel 82559 Fast Ethernet LAN on motherboard". Then create a new string value in the right-hand pane named "NetworkAddress" whose content is the MAC value you want, for example "004040404040". Restart the computer and check the result with ipconfig /all. Finally, with a BlackICE firewall added on top, you should be able to withstand the usual DDoS.
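As an added example (not part of the original article), the following read-only PowerShell script compares a host's current registry values with the fixed values recommended in items 3, 4, 5, 6, 8, 10 and 11 above. The variable names ($base, $checks, $report) are illustrative, the value names are taken from this page, and it assumes a host where PowerShell is available; it does not check whether a given Windows version honors each value.

```powershell
# Added example: read-only audit, changes nothing in the registry.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Key path, value name, and the value this page recommends.
$checks = @(
    @{ Path = "$base\Tcpip\Parameters";        Name = 'SynAttackProtect';   Want = 2 }
    @{ Path = "$base\Tcpip\Parameters";        Name = 'IGMPLevel';          Want = 0 }
    @{ Path = "$base\Tcpip\Parameters";        Name = 'EnableDeadGWDetect'; Want = 0 }
    @{ Path = "$base\Tcpip\Parameters";        Name = 'IPEnableRouter';     Want = 0 }
    @{ Path = "$base\LanmanServer\Parameters"; Name = 'AutoShareServer';    Want = 0 }
    @{ Path = "$base\LanmanServer\Parameters"; Name = 'AutoShareWks';       Want = 0 }
)

# PerformRouterDiscovery (item 3) is set per interface, so add one check
# for every subkey found under Tcpip\Parameters\Interfaces.
$nics = Get-ChildItem "$base\Tcpip\Parameters\Interfaces" -ErrorAction SilentlyContinue
foreach ($nic in $nics) {
    $checks += @{ Path = $nic.PSPath; Name = 'PerformRouterDiscovery'; Want = 0 }
}

$report = foreach ($c in $checks) {
    # A value that is absent means Windows falls back to its built-in default.
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $have = if ($null -ne $item) { $item.($c.Name) } else { $null }

    [pscustomobject]@{
        Key     = $c.Path -replace '^.*\\Services\\', ''
        Value   = $c.Name
        Current = if ($null -eq $have) { '(not set)' } else { $have }
        Wanted  = $c.Want
        Match   = ($null -ne $have) -and ($have -eq $c.Want)
    }
}

# One row per check; Match = False marks values that differ from the page.
$report | Format-Table -AutoSize
```

Rows with Match = False and Current = (not set) are values that were never written, so the system is running with the default listed in the corresponding item.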
