Win2003 防禦 DDOS

f66666602

之前遇到 DDOS 攻擊, 不外乎 syn flood, tcp flood, icmp flood .... 飽受攻擊一陣子, 發現其實 win2003 內建就有防禦 DDOS 的功能, 僅靠防火牆是不夠的! 先把自己的 windows 2003 加強吧!!~~ 把以下的文件貼起來存成 .reg 檔案, 直接註冊就可以了!~

------  此線以下複製貼到記事本中, 另存新檔成為 ddos.reg 然後點兩下匯入即可.
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters]
"DynamicBacklogGrowthDelta"=dword:0000000a
"MaximumDynamicBacklog"=dword:00004e20
"MinimumDynamicBacklog"=dword:00000014
"EnableICMPRedirect"=dword:00000000
"EnableDynamicBacklog"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
"SynAttackProtect"=dword:00000001
"TcpMaxPortsExhausted"=dword:00000005
"TcpMaxHalfOpen"=dword:000001f4
"TcpMaxHalfOpenRetried"=dword:00000190
"TcpMaxConnectResponseRetransmissions"=dword:00000002
"TcpMaxDataRetransmissions"=dword:00000002
"EnablePMTUDiscovery"=dword:00000000
"KeepAliveTime"=dword:000493e0
"NoNameReleaseOnDemand"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DisableIPSourceRouting"=dword:00000001
"EnableFragmentChecking"=dword:00000001
"EnableMulticastForwarding"=dword:00000000
"IPEnableRouter"=dword:00000000
"EnableDeadGWDetect"=dword:00000000
"EnableAddrMaskReply"=dword:00000000