WINDOWS 2000 PROFESSIONAL
There are a handful of registry settings you can apply to a Windows 2000 computer in order to harden it against DoS attacks. These include:
* SynAttackProtect: This setting protects against a SYN flood attack. Set to a value of 0, 1, or 2 for increasing levels of protection. The higher the value, the more delay Windows adds to connection attempts, causing TCP connection timeouts.
* EnableDeadGWDetect: Set to 0 to prevent the computer from switching to a different gateway, which could otherwise occur if a DoS attack is in progress. A value of 1 allows the gateway switch.
* EnablePMTUDiscovery: Set to 0 to prevent a hacker from forcing an MTU change to a small value and bogging down the TCP/IP protocol stack. Windows uses an MTU value of 576 bytes for all nonlocal connections with this setting at 0. Set to 1 to allow MTU discovery.
* KeepAliveTime: Set this value (in milliseconds) to a relatively low number to decrease the length of time Windows sends a keep-alive packet to a remote computer to determine if the connection is still valid. Microsoft recommends a value of 300,000 (five minutes).
these DWORD values reside in this registry key:
NOTE: Editing the registry can be risky, so be sure you have a verified backup before making any changes.