2008. 2. 21. 21:15
[DOS] SYN Packet (패킷)
- TCP/IP 스택을 강화
To do? SEE! http://dataprocess.tistory.com/entry/Sis-win-13
아래와 같이 웹 서버가 초당 1000개 이상의 SYN 패킷을 받고 있었다.
앞으로 이런 유형의 공격을(DoS) 방어하기 위한 레지스트리 값을 설정하여라.
C:>netstat -na | findstr ` SYN_RECEIVED`
TCP 211.241.82.71:80 6.55.194.236:51370 SYN_RECEIVED
TCP 211.241.82.71:80 16.192.252.18:22452 SYN_RECEIVED
TCP 211.241.82.71:80 49.5.243.221:52363 SYN_RECEIVED
TCP 211.241.82.71:80 50.145.99.80:46108 SYN_RECEIVED
TCP 211.241.82.71:80 51.53.109.147:28308 SYN_RECEIVED
TCP 211.241.82.71:80 61.58.85.212:52375 SYN_RECEIVED
TCP 211.241.82.71:80 63.33.85.135:32111 SYN_RECEIVED
TCP 211.241.82.71:80 67.206.19.195:28501 SYN_RECEIVED
TCP 211.241.82.71:80 68.79.239.155:42810 SYN_RECEIVED
TCP 211.241.82.71:80 221.29.79.118:36387 SYN_RECEIVED
Windows 2000 Server에서의 TCP/IP 악용 및 대책
Windows 2000에서 서비스 거부 공격에 대비한 TCP/IP 스택을 강화하는 방법
Harden the TCP/IP Stack for Denial of Service Attacks (Windows 2000/XP) Popular
Hardening the TCP/IP stack to SYN attacks
Protect Against SYN Flood Attacks (Windows NT/2000/XP)
앞으로 이런 유형의 공격을(DoS) 방어하기 위한 레지스트리 값을 설정하여라.
C:>netstat -na | findstr ` SYN_RECEIVED`
TCP 211.241.82.71:80 6.55.194.236:51370 SYN_RECEIVED
TCP 211.241.82.71:80 16.192.252.18:22452 SYN_RECEIVED
TCP 211.241.82.71:80 49.5.243.221:52363 SYN_RECEIVED
TCP 211.241.82.71:80 50.145.99.80:46108 SYN_RECEIVED
TCP 211.241.82.71:80 51.53.109.147:28308 SYN_RECEIVED
TCP 211.241.82.71:80 61.58.85.212:52375 SYN_RECEIVED
TCP 211.241.82.71:80 63.33.85.135:32111 SYN_RECEIVED
TCP 211.241.82.71:80 67.206.19.195:28501 SYN_RECEIVED
TCP 211.241.82.71:80 68.79.239.155:42810 SYN_RECEIVED
TCP 211.241.82.71:80 221.29.79.118:36387 SYN_RECEIVED
