SYN attacks take advantage of the Transmission Control Protocol and do not exploit any inherent weakness in Windows NT Server. SYN attacks are not harmful to your information resources, but they can tie up your Internet service in a destructive way.
To prevent SYN attacks, first you must ensure that your network is not a source of SYN attacks. To do this, set the filter attached to your proxy server or firewall to examine packets and prevent them from going out if their source address is not the same as your network address.
At the same time, make sure your Internet service provider has appropriate filters in place to discourage SYN attacks.
As part of system maintenance, it is a good idea to log activity on TCP ports. Then, if the volume of SYN requests dramatically increases, the administrator can deal with the problem before users report difficulty gaining access to resources.
If you suspect that your server is experiencing a SYN attack, at the command prompt type:
netstat -n -p tcp
An Active Connections report appears, which shows instances of SYN_RECEIVED connections. An abnormal amount of SYN_RECEIVED connections can indicate a SYN attack.
For the latest information on how you can use Windows NT Server to protect your Internet services against SYN attacks, search the Knowledge Base by using the keywords "SYN attack."