siosios
01-03-2009, 08:02 AM
<><><><><><><><><><><><><><><><><><><><>
How to make your computer Anti-DDoS (DDoS Protection)
<><><><><><><><><><><><><><><><><><><><>
What you need:
"Harden It" ---> So google it.
Open up regedit
Goto HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows
Under Windows, add a new key called Psched, it may already be there.
Under the key Psched, add a DWORD value named "MaxOutstandingSends" without quotes, of course.
Once you have created the DWORD value named MaxOutstandingSends, right click on it and click modify.
Under value data, put 65535. Under base, Hexadecimal should be chosen.
Here's a few other registry values/keys to stop DoS/DDoS attacks in the event that you have a weak connection and your system can't even withstand 65535 connections:
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVIC ES\TCPIP\PARAMETERS]
"SYNATTACKPROTECT"=DWORD:00000002
"TCPMAXDATARETRANSMISSIONS"=DWORD:3
"TCPMAXHALFOPEN"=DWORD:64
"TCPMAXHALFOPENRETRIED"=DWORD:50
"TCPMAXPORTSEXHAUSTED"=DWORD:1
"TCPMAXCONNECTRESPONERETRANSMISSIONS"=DWORD:2
"ENABLEDEADGWDETECT"=DWORD:0
"ENABLEPMTUDISCOVERY"=DWORD:0
"KEEPALIVETIME"=DWORD:300000
"ALLOWUNQUALIFIEDQUERY"=DWORD:0
"DISABLEDYNAMICUPDATE"=DWORD:1
now you have to open the program you downloaded (HardenIt)
As your going through the steps in HardenIt, check what I have put down (same order)...
- Complete Setup
- Syn Flood/Attack Protection (Good)
- 100 (Recommended for Workstations)
- 80 (Recommended for Workstations)
- 0 (Recommended, protection enables immediately when all ports are exhausted.)
- 2 (Recommended)
- 3 (Recommended)
- Enabled (Recommended)
- Workstation (300000ms or 5 minutes)
- Enabled (Recommended)
- Disabled (Recommended)
- Disabled (Recommended)
- Disabled (Recommended)
- Enabled (Recommended)
- 10 (Recommended)
- 10000 (!Workstations! - 64MB RAM)
- 10 (Recommended)
- Enabled (Recommended)
- 1 (Recommended - do not forward Sorce Routed packets)
- Enabled (Recommended)
- Disabled (Recommended)
- Disabled (Recommended)
- Enabled (Recommended)
- Restrict Anonymous (Level 1 - Recommended)
Does not allow anonymous numeration of SAM accounts and shares.
- Enable SAM restriction (Recommended)
Does not allow anonymous numeration of SAM accounts and shares.
- Disable Everyone Includes Anonymous (Recommended)
Null-session users won't have any rights.
- Retry Count 1 (Recommended)
- Smooth (90 seconds - Recommended)
- Enabled (Recommended)
How to make your computer Anti-DDoS (DDoS Protection)
<><><><><><><><><><><><><><><><><><><><>
What you need:
"Harden It" ---> So google it.
Open up regedit
Goto HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows
Under Windows, add a new key called Psched, it may already be there.
Under the key Psched, add a DWORD value named "MaxOutstandingSends" without quotes, of course.
Once you have created the DWORD value named MaxOutstandingSends, right click on it and click modify.
Under value data, put 65535. Under base, Hexadecimal should be chosen.
Here's a few other registry values/keys to stop DoS/DDoS attacks in the event that you have a weak connection and your system can't even withstand 65535 connections:
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVIC ES\TCPIP\PARAMETERS]
"SYNATTACKPROTECT"=DWORD:00000002
"TCPMAXDATARETRANSMISSIONS"=DWORD:3
"TCPMAXHALFOPEN"=DWORD:64
"TCPMAXHALFOPENRETRIED"=DWORD:50
"TCPMAXPORTSEXHAUSTED"=DWORD:1
"TCPMAXCONNECTRESPONERETRANSMISSIONS"=DWORD:2
"ENABLEDEADGWDETECT"=DWORD:0
"ENABLEPMTUDISCOVERY"=DWORD:0
"KEEPALIVETIME"=DWORD:300000
"ALLOWUNQUALIFIEDQUERY"=DWORD:0
"DISABLEDYNAMICUPDATE"=DWORD:1
now you have to open the program you downloaded (HardenIt)
As your going through the steps in HardenIt, check what I have put down (same order)...
- Complete Setup
- Syn Flood/Attack Protection (Good)
- 100 (Recommended for Workstations)
- 80 (Recommended for Workstations)
- 0 (Recommended, protection enables immediately when all ports are exhausted.)
- 2 (Recommended)
- 3 (Recommended)
- Enabled (Recommended)
- Workstation (300000ms or 5 minutes)
- Enabled (Recommended)
- Disabled (Recommended)
- Disabled (Recommended)
- Disabled (Recommended)
- Enabled (Recommended)
- 10 (Recommended)
- 10000 (!Workstations! - 64MB RAM)
- 10 (Recommended)
- Enabled (Recommended)
- 1 (Recommended - do not forward Sorce Routed packets)
- Enabled (Recommended)
- Disabled (Recommended)
- Disabled (Recommended)
- Enabled (Recommended)
- Restrict Anonymous (Level 1 - Recommended)
Does not allow anonymous numeration of SAM accounts and shares.
- Enable SAM restriction (Recommended)
Does not allow anonymous numeration of SAM accounts and shares.
- Disable Everyone Includes Anonymous (Recommended)
Null-session users won't have any rights.
- Retry Count 1 (Recommended)
- Smooth (90 seconds - Recommended)
- Enabled (Recommended)