TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ----------------------------------------------------------------------------
Even with SynAttackProtect set to 2 (the highest setting), ISS still reports the problem. I've even tried to run it against port 80 and twice the test duration, but with the same results. I also ran it against a machine that isn't running the SRP, but basically just SP 6a, and it reports the same thing.

That sure seems to strongly say something, but I'm not sure if it says that there really is a problem, or that it's a false positive...

Has anyone else seen this reported against "fixed" Windows NT systems?

-----Original Message-----
From: Christopher Brenner [mailto:[EMAIL PROTECTED]]
Sent: Monday 22 April 2002 2:12 PM
To: Taed Wynnell
Subject: RE: False positive with syncstorm (SYN flood denial of service)

This help?

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q315669

"When crypto is outlawed, only outlaws will have crypto." P. Zimmerman 1991
___________________________________________________________________________
Christopher M. Brenner [EMAIL PROTECTED]
LS&A Info Tech cbr900RR
http://www.umich.edu/~cbrenner KB8JRI
734-647-8213

-----Original Message-----
From: Taed Wynnell [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 18, 2002 4:50 PM
To: ISS Forum (E-mail)
Subject: False positive with syncstorm (SYN flood denial of service)

ISS is reporting that my Windows NT 4.0 (+ SP 6a + SRP) systems are vulnerable to the syncstorm (SYN flood denial of service) attack. All of the reading that I've done seems to indicate that Microsoft fixed it in an earlier hotfix, which has been rolled into the SRP.

The remedy says to apply the new patches and to increase "the default limit of connection buffers". Is the second part needed on Windows NT? If so, how is it done? (A search of the NT Resource Kit Registry documentation didn't turn up anything obvious.)

Thanks for any pointers!
