TcpMaxPortsExhausted

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Data type	Range	Default value
REG_DWORD	0x0 - 0xFFFF	0x5

Description

Determines how many connection requests the system can refuse before TCP/IP initiates SYN flooding attack protection. The system must refuse all connection requests when its reserve of open connection ports runs out. This entry is used only when SYN flooding attack protection is enabled on this server (that is, the value of SynAttackProtect is 1 and the value of TcpMaxConnectResponseRetransmissions is at least 2).

This entry establishes one of three configurable thresholds which, when exceeded, trigger TCP's SYN attack flooding protection feature. Because SYN flooding often consumes all reserved connection ports, TCP interprets an elevated number connection refusals and a depleted port reserve as a symptom of SYN flooding.

The other thresholds are:

The total number of connections in the half-open (SYN-RCVD) state exceeds the value of TcpMaxHalfOpen;
The number of connections that remain in the half-open (SYN-RCVD) state even after a connection request has been retransmitted exceeds the value of TcpMaxHalfOpenRetried

Note Image Note

If the value of this entry is 0, SYN flooding protection is triggered as soon as the backlog of connection ports is consumed.

Related Entries

Page Image

SynAttackProtect

Page Image

TcpMaxConnectResponseRetransmissions

Page Image

TCPMaxHalfOpen

Page Image

TCPMaxHalfOpenRetried