Over the past two month we had hard time trouble with Sync attack
We are running windows 2008 R2 server
We have firewall on Linux
When Sync attack start the server blocks all traffic and it takes time for our Linux guy to find IP of attacker and block them. He told us that the Sync attack on our server are not heavy and the server should handle them and we need to do some adjusting.
What we done:
1. increased the number of the Threads per processor limit on IIS from 25 (default) to 50.
2. Reduced SQL server memory allocation to increase the free memory.
3. Reduced the TIME_WAIT by setting the TcpTimedWaitDelay TCP/IP parameter to 30 seconds on the windows registry key HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters.
4. Increased the range of ephemeral ports by setting the dynamicportrange to an higher value through the command netsh int ipv4 set dynamicportrange tcp start=32767 num=32768, this set the port range from 32768 to 65535.
Did not help a lot. What else could be done. I have run into some instruction at
https://alnitech.com/2014/06/how-to-protect-your-windows-server-from-syn-flood/
yet not sure whether it will help.
Would apreciate any help