| • |
Adjusts retransmission of SYN-ACKs so that half-open
connections time out more quickly during a SYN flood. |
| • |
Determines how many connections the server
can maintain in the half-open (SYN-RCVD) state before TCP/IP
initiates SYN flood attack protection. |
| • |
Determines how many connections the server
can maintain in the half-open (SYN-RCVD) state for which the SYN-ACK
has already been retransmitted at least once. |
| • |
Specifies the threshold of TCP connection
requests that must be exceeded before SYN flood protection is
triggered. |
| • |
Controls how many times a SYN-ACK is retransmitted
before canceling the attempt when responding to a SYN request. |
| • |
Determines how many times TCP retransmits
an unacknowledged data segment on an existing connection. TCP
retransmits a data segment until it is acknowledged or until
this retransmission count is exhausted, at which point the connection is dropped. |
| • |
Controls path MTU discovery. An attacker could force the MTU down to a very
small value and overwork the stack by making the server fragment
a large number of packets. |
| • |
Controls how Windows manages connection keep-alive transmissions:
it specifies how often TCP verifies that an idle connection is still
intact by sending a keep-alive packet. |
| • |
A denial of service (DoS) attack against
Windows servers is to send them a NetBIOS "name release" command.
The server then releases its NetBIOS name, preventing clients
from reaching the machine by that name. |
| • |
Internet Control Message Protocol (ICMP) redirects
cause the stack to plumb host routes, so a host on the local segment
that sends forged redirects can steer the server's traffic through a gateway of its choosing. |
| • |
Disables ICMP Router Discovery Protocol
(IRDP), which an attacker could otherwise use to remotely add default
route entries on the system. |
| • |
Determines whether TCP performs dead gateway
detection. An attacker could force the server to switch gateways,
potentially to an unintended one. |
| • |
Enables the AFD.SYS dynamic backlog, which lets the driver withstand
large numbers of connections in the SYN_RCVD state efficiently. |
| • |
Specifies the minimum number of free connections allowed on a
listening endpoint. If the number of free connections drops below
this value, a thread is queued to create additional free connections. |
| • |
Specifies the maximum total number of free connections plus
those in the SYN_RCVD state. Set this to the lowest value on workstations. |
| • |
Specifies the number of free connections to create when additional
connections are necessary. |
| • |
This parameter prevents address sharing (SO_REUSEADDR)
between processes, so that once a process has bound a socket no other
process can bind the same address and steal data destined for it. |
| • |
NAT is used to screen a network from incoming connections. An
attacker can circumvent this screen and map the network topology
using IP source routing. This setting disables IP source routing so that
source-routed packets are dropped. |
| • |
Processing fragmented packets can be expensive. Although it is
rare for a denial of service to originate from within the perimeter
network, this setting prevents the IP stack from accepting fragmented
packets. |
| • |
Multicast packets may be responded to by multiple hosts, resulting
in responses that can flood a network. The routing service uses
this parameter to control whether or not IP multicasts are forwarded.
This parameter is created by the Routing and Remote Access Service. |
| • |
By default, computers running Windows respond to ICMP Address Mask
requests on the network, which could enable malicious users to
discover some of your network topology information. |
| • |
By default, the DNS resolver accepts responses from the DNS servers
that it did not query. This feature speeds performance but can
be a security risk. |
| • |
A malicious user can shut down the Computer Browser service. A vulnerability
exists in the computer browser protocol's ResetBrowser frame that
could allow a malicious user to shut down a computer browser on
the same subnet, or shut down all of the computer browsers on
the same subnet. |
| • |
Windows NT has a feature where anonymous logon users can list
domain user names and enumerate share names. Users who want enhanced
security have requested the ability to optionally restrict this
functionality. |
| • |
A hidden share is identified by a dollar sign ($) at the end
of the share name. Hidden shares are not listed when you browse
the shares on a computer or use the net view command. If enabled,
this option hides all the administrative shares. |
| • |
Determines how many times TCP sends an ARP request
for its own address when the service starts, in order to detect a
duplicate IP address on the segment. This is known as a gratuitous ARP request. |
| • |
Determines the time that must elapse before TCP can release a
closed connection and reuse its resources. This interval between
closure and release is known as the TIME_WAIT or 2MSL state. |
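The settings above are all registry DWORD values, so the practical task is auditing a host against a hardened baseline and correcting drift. The PowerShell script below is an added example, not part of the original page or of any Microsoft tooling. It assumes that the registry value names listed (SynAttackProtect, TcpMaxHalfOpen, EnableDynamicBacklog, RestrictAnonymous and so on) are the ones the descriptions above refer to, and the baseline numbers are common hardening recommendations rather than values supplied by the page. Several of these values (the SYN-attack counters and the AFD dynamic backlog family in particular) are honoured only by the Windows 2000 and Server 2003 stacks and are ignored on later releases, so confirm each one against the documentation for your OS version before applying it.

```powershell
# Added example (not from the original page): audit, and with -Apply set, a
# hardened baseline for the TCP/IP, AFD, Dnscache, Browser, LSA and
# LanmanServer registry values described above.
# ASSUMPTION: the value names below are the ones the page's descriptions
# refer to, and the numbers are typical hardening recommendations.
# Run from an elevated PowerShell session; use -Apply -WhatIf to preview writes.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Apply   # report only unless -Apply is given
)

$svc   = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$tcpip = "$svc\Tcpip\Parameters"
$afd   = "$svc\AFD\Parameters"

$baseline = @(
    @{ Path = $tcpip; Name = 'SynAttackProtect';                     Value = 1 }       # faster SYN-ACK timeout under flood
    @{ Path = $tcpip; Name = 'TcpMaxHalfOpen';                       Value = 100 }     # half-open limit before protection
    @{ Path = $tcpip; Name = 'TcpMaxHalfOpenRetried';                Value = 80 }      # half-open limit after a retransmit
    @{ Path = $tcpip; Name = 'TcpMaxPortsExhausted';                 Value = 5 }       # refused requests before protection
    @{ Path = $tcpip; Name = 'TcpMaxConnectResponseRetransmissions'; Value = 2 }       # SYN-ACK retransmissions
    @{ Path = $tcpip; Name = 'TcpMaxDataRetransmissions';            Value = 3 }       # data segment retransmissions
    @{ Path = $tcpip; Name = 'EnablePMTUDiscovery';                  Value = 0 }       # do not let a peer force a tiny MTU
    @{ Path = $tcpip; Name = 'KeepAliveTime';                        Value = 300000 }  # keep-alive interval, milliseconds
    @{ Path = $tcpip; Name = 'NoNameReleaseOnDemand';                Value = 1 }       # ignore NetBIOS name-release
    @{ Path = $tcpip; Name = 'EnableICMPRedirect';                   Value = 0 }       # ignore ICMP redirects
    @{ Path = $tcpip; Name = 'PerformRouterDiscovery';               Value = 0 }       # disable IRDP
    @{ Path = $tcpip; Name = 'EnableDeadGWDetect';                   Value = 0 }       # no gateway switching
    @{ Path = $tcpip; Name = 'DisableIPSourceRouting';               Value = 2 }       # drop source-routed packets
    @{ Path = $tcpip; Name = 'EnableFragmentChecks';                 Value = 1 }       # reject fragmented packets
    @{ Path = $tcpip; Name = 'EnableMulticastForwarding';            Value = 0 }       # RRAS: do not forward multicast
    @{ Path = $tcpip; Name = 'EnableAddrMaskReply';                  Value = 0 }       # no ICMP address-mask replies
    @{ Path = $tcpip; Name = 'ArpRetryCount';                        Value = 3 }       # gratuitous ARP count
    @{ Path = $tcpip; Name = 'TcpTimedWaitDelay';                    Value = 30 }      # TIME_WAIT (2MSL) seconds
    @{ Path = $afd;   Name = 'EnableDynamicBacklog';                 Value = 1 }       # AFD dynamic backlog on
    @{ Path = $afd;   Name = 'MinimumDynamicBacklog';                Value = 20 }      # free connections floor
    @{ Path = $afd;   Name = 'MaximumDynamicBacklog';                Value = 20000 }   # lower this on workstations
    @{ Path = $afd;   Name = 'DynamicBacklogGrowthDelta';            Value = 10 }      # connections created per growth
    @{ Path = $afd;   Name = 'DisableAddressSharing';                Value = 1 }       # no SO_REUSEADDR hijacking
    @{ Path = "$svc\Dnscache\Parameters";     Name = 'QueryIpMatching';  Value = 1 }   # accept replies only from queried server
    @{ Path = "$svc\Browser\Parameters";      Name = 'RefuseReset';      Value = 1 }   # ignore ResetBrowser frames
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name = 'RestrictAnonymous'; Value = 1 }  # no anonymous enumeration
    @{ Path = "$svc\LanmanServer\Parameters"; Name = 'AutoShareServer';  Value = 0 }   # no administrative shares
)

function Get-HardeningDrift {
    # Returns one row per baseline entry with the live value and a Compliant flag.
    # An absent value means the stack default is in effect, which on newer
    # Windows releases may already match the hardened behaviour.
    foreach ($item in $baseline) {
        $prop    = Get-ItemProperty -Path $item.Path -Name $item.Name -ErrorAction SilentlyContinue
        $current = if ($null -ne $prop) { $prop.($item.Name) } else { $null }
        [pscustomobject]@{
            Key       = $item.Path -replace '^HKLM:\\SYSTEM\\CurrentControlSet\\', ''
            Name      = $item.Name
            Current   = if ($null -eq $current) { '<absent>' } else { $current }
            Expected  = $item.Value
            Compliant = ($current -eq $item.Value)
        }
    }
}

$drift = Get-HardeningDrift
$drift | Format-Table -AutoSize

if ($Apply) {
    foreach ($row in ($drift | Where-Object { -not $_.Compliant })) {
        $item = $baseline | Where-Object { $_.Name -eq $row.Name } | Select-Object -First 1
        if ($PSCmdlet.ShouldProcess("$($item.Path)\$($item.Name)", "Set DWORD to $($item.Value)")) {
            if (-not (Test-Path $item.Path)) { New-Item -Path $item.Path -Force | Out-Null }
            # -Force overwrites an existing value; DWord is the type every entry above uses.
            New-ItemProperty -Path $item.Path -Name $item.Name -Value $item.Value -PropertyType DWord -Force | Out-Null
        }
    }
    Write-Host 'Changes to the Tcpip and AFD parameters take effect after a reboot.'
}
```

Save the script as a .ps1 file and run it without arguments to get a drift report; add `-Apply -WhatIf` to see exactly which values would be written, then `-Apply` to write them. The report deliberately distinguishes an absent value from a wrong one: on a current Windows release most of the Tcpip counters above are absent because the stack no longer reads them, and creating them changes nothing, so the interesting rows are those where a value is present but differs from the baseline.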