Skip navigation

JSI Tip 9357. The event log indicates that a client computer attempted a Denial-Of-Service attack against your 64-bit version of Windows Server 2003?

Your Application event log contains:

Event ID: 2025
Source: SRV
Description: The server has detected an attempted Denial-Of-Service attack from client \\computer_name, and has disconnected the connection.

As indicated, clients are disconnected from the server.

This behavior will occur when the server is under high-stress, such as during very heavy network traffic.

I have scripted MaxMpxCt.bat to increase the number of concurrent commands that can be outstanding between a client and a server.

The syntax for using MaxMpxCt.bat is:

MaxMpxCt Number

Where Number is the number of concurrent outstanding network requests that are allowed, in the range of 50 - 65535. DO NOT set the Number too high as each additional concurrent command consumes resources, such as paged pool memory. The default value is 50.
NOTE - If you set Number to 0, instead of altering the number of concurrent outstanding network requests, MaxMpxCt.bat will disable Denial-Of-Service detection, BUT I WOULDN'T DO THIS ON MY NETWORK.

MaxMpxCt.bat contains:

@echo off
if \{%1\}==\{\} @echo Syntax: MaxMpxCt Number&goto :EOF
setlocal
set key=HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters
if "%1" EQU "0" goto NDOS
set IN=%1
set /a Number=100000%IN%%%100000
if "%IN%" NEQ "%Number%" @echo Syntax: MaxMpxCt Number&endlocal&goto :EOF
@echo REG ADD %key% /V MaxMpxCt /T REG_DWORD /F /D %Number%
REG ADD %key% /V MaxMpxCt /T REG_DWORD /F /D %Number%
endlocal
goto :EOF
:NDOS
@echo REG ADD %key% /V DisableDos /T REG_DWORD /F /D 1
REG ADD %key% /V DisableDos /T REG_DWORD /F /D 1
endlocal



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish