computer_iconI had a customer who was looking for guidance on how to harden the IP stack of Server 2008 R2 similar to the guide on how to harden server 2003.

How to harden the TCP/IP stack against denial of service attacks in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;EN-US;324270

It turns out there is no paper on how to do this for Server 2008 because it is built into the new IP stack. It has been there since the new IP stack in Vista and Server 2008.  This feature is even better in two ways. The first is it is self tuning. The second is that you can’t turn it off. You can read more about it here:
http://blogs.technet.com/b/nettracer/archive/2010/06/01/syn-attack-protection-on-windows-vista-windows-2008-windows-7-and-windows-2008-r2.aspx