MSS: (SynAttackProtect) Syn attack protection level (protects against DoS)
ID: oval:org.secpod.oval:def:35155 | Date: (C)2016-06-10 (M)2023-07-14 |
Class: COMPLIANCE | Family: windows |
This entry appears as MSS: (SynAttackProtect) Syn attack protection level (protects against DoS) in the Group Policy Object Editor. This entry causes TCP to adjust retransmission of SYN-ACKs. When you configure this entry, the overhead of incomplete transmissions in a connect request (SYN) attack is reduced.
You can use this entry to configure Windows to send router discovery messages as broadcasts instead of multicasts, as described in RFC 1256. By default, if router discovery is enabled, router discovery solicitations are sent to the all-routers multicast group (224.0.0.2).
Counter Measure:
Enable and configure this setting.
Potential Impact:
TCP/IP traffic could be inaccurately detected as a Denial of Service (DoS) attack.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\MSS (Legacy)\MSS: (SynAttackProtect) Syn attack protection level (protects against DoS)
(2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters!SynAttackProtect
Platform: Microsoft Windows 10