This tweak can be easily applied using WinGuides Tweak Manager. Download a free trial now!

Windows includes protection that allows it to detect and adjust when the system is being targeted with a SYN flood attack (a type of denial of service attack). When enabled the connection responses time out more quickly in the event of an attack.

Open your registry and find the key below.

Create a new DWORD value called "SynAttackProtect" and set it to either 0, 1 or 2 based on the table below.

This value causes Transmission Control Protocol (TCP) to adjust retransmission of SYN-ACKS. When you configure this value, the connection responses time out more quickly in the event of a SYN attack (a type of denial of service attack).

• 0 (default) - typical protection against SYN attacks
• 1 - better protection against SYN attacks that uses the advanced values below.
• 2 (recommended) - best protection against SYN attacks. This value adds additional delays to connection indications, and TCP connection requests quickly timeout when a SYN attack is in progress.

Restart Windows for the changes to take effect.

Note: When SynAttackProtect is using the best protection option then Scalable windows and TCP parameters that are configured on each adapter (including Initial RTT and window size) are no longer available.

		(Default)	REG_SZ	(value not set)
		SynAttackProtect	REG_DWORD	0x00000002 (2)
		TcpMaxHalfOpen	REG_DWORD	0x00000064 (100)
		TcpMaxHalfOpenedRetried	REG_DWORD	0x00000050 (64)
		TcpMaxPortsExhausted	REG_DWORD	0x00000005 (5)
		TcpMaxConnectResponseRetrans...	REG_DWORD	0x00000003 (3)

	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Disclaimer: Modifying the registry can cause serious problems that may require you to reinstall your operating system. We cannot guarantee that problems resulting from modifications to the registry can be solved. Use the information provided at your own risk.