Initiate SYN attack protection. The default entry value is 0, which means that the attack protection is not turned on, and the entry value of 1 and 2 indicates that SYN attack protection is initiated, set to 2
The security level is higher and the situation is considered an attack, you need to trigger the boot based on the conditions set by the TcpMaxHalfOpen and tcpmaxhalfopenretried values below. It should be noted here that the NT4.0 must be set to 1, set to 2 after a special packet will cause the system to reboot.
"SynAttackProtect" =dword:00000002
The number of half connections allowed to open at the same time. The so-called semi-connection, which means that the TCP session is not fully established, can be seen in the SYN_RCVD state with the netstat command. This uses the Microsoft recommended value, the server is set to 100, and the Advanced Server is set to 500. Suggestions can be set slightly smaller.
"TcpMaxHalfOpen" =dword:00000064
Determine if there is a trigger point for the attack. Here we use the Microsoft recommended value, the server is 80, and the Advanced Server is 400.
"TcpMaxHalfOpenRetried" =dword:00000050
Set the wait syn-ack time. The default entry value is 3, which consumes 45 seconds of the default process. The item value is 2 and consumes 21 seconds.
The item value is 1 and consumes 9 seconds. The minimum can be set to 0, which means no wait, and consumes a time of 3 seconds. This value can be modified according to the size of the attack.
Sets the number of TCP heavy flyer data segments. The default entry value is 5, which consumes 240 seconds of the default process. Microsoft Site security recommended for 3.
"TcpMaxDataRetransmissions" =dword:00000003
Set the critical point for SYN attack protection. When the available backlog changes to 0 o'clock, this parameter is used to control the opening of SYN attack protection, and the Microsoft Site security recommendation is 5.
"TCPMaxPortsExhausted" =dword:00000005
Prohibit IP source routing. The default entry value is 1, which indicates that the routing packet is not routed, the entry value is set to 0, all forwarding is set to 2, which means that all accepted source routing packets are discarded and Microsoft Site security recommendation is 2.
"DisableIPSourceRouting" =dword:0000002
Limit the maximum time that is in the TIME_WAIT state. The default is 240 seconds, the minimum is 30 seconds, and the maximum is 300 seconds. The recommended setting is 30 seconds.
"TcpTimedWaitDelay" =dword:0000001e
8. How to prevent *mdb files from being downloaded
Installing the URLScan tool released by Ms can fundamentally solve this problem.
It's also a powerful security tool, and you can get more detailed information from MS's website.
9. How to get IIS to run with minimal NTFS permissions
In turn, do the following work:
A. Select the entire hard drive:
System: Full Control
Administrator: Full Control
(Allows inheritable permissions from parent to be propagated to objects)
B.\program Files\Common Files:
Everyone: Read and run
Listing file Directories
Read
(Allows inheritable permissions from parent to be propagated to objects)
C.\inetpub\wwwroot:
Iusr_machine: Read and run
Listing file Directories
Read
(Allows inheritable permissions from parent to be propagated to objects)
E.\winnt\system32:
Select all directories except Inetsrv and Centsrv,
Remove the "Allow inheritable permissions from parent to propagate to objects" marquee, copy.
F.\WINNT:
Select in addition to downloaded program files, help, IIS temporary compressed files,
Offline all directories except Web pages, system32, Tasks, temp, web
Remove the "Allow inheritable permissions from parent to propagate to objects" marquee, copy.
G.\WINNT:
Everyone: Read and run
Listing file Directories
Read
(Allows inheritable permissions from parent to be propagated to objects)
H.\winnt\temp: (allows access to the database and appears on the ASP page)
Everyone: Modify
(Allows inheritable permissions from parent to be propagated to objects)
10. How to hide the IIS version
A hacker can easily telnet to your web port and send a GET command for a lot of information
The corresponding DLL files that IIS holds for IIS banner are as follows:
Web:c:\winnt\system32\inetsrv\w3svc. Dll
FTP:C:\WINNT\SYSTEM32\INETSRV\FTPSVC2. Dll
Smtp:c:\winnt\system32\inetsrv\smtpsvc. Dll
You can use the 16 editor to modify the keywords of those DLL files, such as the microsoft-iis/5.0 of IIS
The specific process is as follows:
1. Stop IIS Iisreset/stop
2. Delete a file with the same name under the%systemroot%\system32\dllcache directory
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.