TcpMaxHalfOpen

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Data type Range Default value
REG_DWORD 0x64 - 0xFFFF connections Windows NT Server: 0x64 (100), Windows NT Workstation: 1F4 (500)

Description

Determines how many connections the server can maintain in the half-open (SYN-RCVD) state before TCP/IP initiates SYN flooding attack protection. This entry is used only when SYN flooding attack protection is enabled on this server (that is, the value of SynAttackProtect is 1 and the value of TcpMaxConnectResponseRetransmissions is at least 2).

This entry establishes one of three configurable thresholds which, when exceeded, trigger TCP's SYN attack flooding protection feature. Because SYN flooding often results in many half-open connections, TCP interprets an elevated number of half-open connections to be a symptom of SYN flooding.

The other thresholds are:

Note Image Note

The value of this entry should be greater than the value of TCPMaxHalfOpenRetried.

Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

Related Entries

Page Image

Page Image

Page Image

Page Image