Connectivity issues under a SYN flood
From: Yossi Attas [MSFT] (yossia_at_online.microsoft.com)
Date: 09/05/04
- Next message: Yossi Attas [MSFT]: "Re: 0xc0040017 FWX E TCP NOT SYN PACKET DROPPED"
- Previous message: Nathan B [MSFT]: "New VPN Documents!"
- Next in thread: xxx|HMi|xxx: "Re: Connectivity issues under a SYN flood"
- Reply: xxx|HMi|xxx: "Re: Connectivity issues under a SYN flood"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 5 Sep 2004 16:11:22 +0300
We have recently learnt that when installed on a machine with certain
network adapters, ISA 2004 may have connectivity issues while being under a
flood of SYN packets.
The issue is related to the TCP/IP stack's ability to allow the network
adapter to calculate the TCP checksum by itself in certain scenarios.
This feature is also known as Task Offloading.
Apparently, while being in SYN attack protection mode, ISA does not utilize
the task offloading feature properly which results in corrupt checksums and
therefore failure to create new TCP connections.
The workaround for this issue is to disable Task Offloading.
To do so in registry location
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters,
create a DWORD value called DisableTaskOffload, and set it to 1.
This option requires restart of the machine.
A KB is to be published soon.
Thanks,
Yossi Attas [MSFT]
- Next message: Yossi Attas [MSFT]: "Re: 0xc0040017 FWX E TCP NOT SYN PACKET DROPPED"
- Previous message: Nathan B [MSFT]: "New VPN Documents!"
- Next in thread: xxx|HMi|xxx: "Re: Connectivity issues under a SYN flood"
- Reply: xxx|HMi|xxx: "Re: Connectivity issues under a SYN flood"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
