Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Change in SYN attack protection in Windows Server 2003 Service Pack 1 and in x64-based versions of Windows Server 2003


View products that this article applies to.

Summary

This article discusses a change in the way that Microsoft Windows Server 2003 responds to Winsock connections during a SYN attack after you install Microsoft Windows Server 2003 Service Pack 1 (SP1), Windows Server 2003 SP2, or an x64-based version of Windows Server 2003. This change is designed to help improve protection against SYN attacks. Because of this new functionality, some programs may no longer work correctly while the server is under attack.

Note A SYN attack is a type of denial of service attack.

↑ Back to the top


More information

When SYN attack protection is enabled in Windows Server 2003 SP1, Windows Server 2003 SP2, or in an x64-based version of Windows Server 2003, the TCP RST (reset) packet is sent to end the TCP session after the three-way handshake during a SYN attack. Before you install Windows Server 2003 SP1, Windows Server 2003 SP2, or an x64-based version of Windows Server 2003, the TCP RST packet is sent during the three-way handshake. Because of this timing change, some programs may not try to reconnect after the initial unsuccessful connection attempt.

Before clients install Windows Server 2003 SP1, Windows Server 2003 SP2, or an x64-based version of Windows Server 2003, clients may have been able to connect during an SYN attack, or they may have received error 1722. However, after installing Windows Server 2003 SP1, Windows Server 2003 SP2 or an x64-based version of Windows Server 2003, clients may receive error 1727 during a SYN attack and cannot connect.

During a SYN attack, RPC clients may receive error 1727. Before Windows Server 2003 SP1, Windows Server 2003 SP2, or an x64-based version of Windows Server 2003 was installed, the connection may have succeeded or the clients may have received error 1722. For more information about SYN attack protection, click the following article number to view the article in the Microsoft Knowledge Base:
324270� How to harden the TCP/IP stack against denial of service attacks in Windows Server 2003
For more information about Winsock, click the following article number to view the article in the Microsoft Knowledge Base:
175523� INFO: Winsock TCP connection performance to unused ports

Technical support for Windows x64 editions

Your hardware manufacturer provides technical support and assistance for Microsoft Windows x64 editions. Your hardware manufacturer provides support because a Windows x64 edition was included with your hardware. Your hardware manufacturer might have customized the Windows x64 edition installation with unique components. Unique components might include specific device drivers or might include optional settings to maximize the performance of the hardware. Microsoft will provide reasonable-effort assistance if you need technical help with your Windows x64 edition. However, you might have to contact your manufacturer directly. Your manufacturer is best qualified to support the software that your manufacturer installed on the hardware.

For product information about Microsoft Windows XP Professional x64 Edition, visit the following Microsoft Web site: For product information about Microsoft Windows Server 2003 x64 editions, visit the following Microsoft Web site:

↑ Back to the top


Keywords: KB875417, kbinfo, kbhowto, kbsecurityservices, kbwinservnetwork

↑ Back to the top

Article Info
Article ID : 875417
Revision : 8
Created on : 9/11/2011
Published on : 9/11/2011
Exists online : False
Views : 180