G
Guest
I've got the CHX-I Packet Filter installed on my Windows 2000
machine. One of the things that it lets you configure is enabling SYN
flood protection when a certain number of half-open connections is
reached.
I've also noticed that the Windows TCP/IP stack can protect against
SYN floods (see http://support.microsoft.com/kb/315669), and I'm
wondering how things will work if there are 2 different things on my
system that protect against SYN attacks (the TCP/IP stack and the CHX-
I packet filter).
I've discovered that CHX-I uses an NDIS intermediate driver, although
I don't exactly know what that means.
So what happens with incoming packets? Will CHX-I intercept all of
them without letting the TCP/IP stack handle them at all? Or will the
TCP/IP stack process them first, before handing them off to CHX-I?
machine. One of the things that it lets you configure is enabling SYN
flood protection when a certain number of half-open connections is
reached.
I've also noticed that the Windows TCP/IP stack can protect against
SYN floods (see http://support.microsoft.com/kb/315669), and I'm
wondering how things will work if there are 2 different things on my
system that protect against SYN attacks (the TCP/IP stack and the CHX-
I packet filter).
I've discovered that CHX-I uses an NDIS intermediate driver, although
I don't exactly know what that means.
So what happens with incoming packets? Will CHX-I intercept all of
them without letting the TCP/IP stack handle them at all? Or will the
TCP/IP stack process them first, before handing them off to CHX-I?