|
Change the TIME_WAIT Timeout to Increase Connections (Windows NT/2000/XP)
This setting determines the length of time that a connection will stay in the TIME_WAIT state before being closed. The default is 240 seconds which on a busy server will limit the maximum connections to around 200/sec. Reducing this setting will increase the maximum connection limit.
Harden the TCP/IP Stack for Denial of Service Attacks (Windows 2000/XP)
Denial of service attacks are network attacks that are aimed at making a computer or a particular service unavailable to network users. These settings can be used to increase the ability for Windows to defend against these attacks when connected directly to the Internet.
Disables DHCP Router Discovery (All Windows)
The ICMP Router Discovery Protocol (IRDP) comes enabled by default for Windows clients using DHCP. This can be a security issue because by spoofing IRDP Router Advertisements, an attacker can remotely add default route entries on a remote system.
Protect Against SYN Flood Attacks (Windows NT/2000/XP)
Windows includes protection that allows it to detect and adjust when the system is being targeted with a SYN flood attack (a type of denial of service attack). When enabled the connection responses time out more quickly in the event of an attack.
Configure DHCP Server for Unicast (Windows NT/2000/XP)
By default, the Windows DHCP server sends all DHCP responses as IP broadcasts to the limited broadcast address (). However, the DHCP server can be configured send to unicast responses by applying this tweak.
Specify the Router Buffer Size (Windows NT/2000/XP)
This parameter determines how much memory IP allocates to store packet data in the router packet queue. When this buffer space is filled, the router begins discarding packets at random from its queue.
Offload IP Security Task Processing (Windows 2000/XP)
This setting is used to control whether IP Security (IPSEC) tasks should be offloaded to a network card with IP security capabilities.
Enable IP Packet Forwarding (Windows NT/2000/XP)
By default, TCP/IP forwarding is not enabled in Windows, this setting can be used to enable TCP/IP forwarding for all network connections that are installed and used by the computer.
Control RFC 1323 Time Stamp and Window Scaling (Windows NT/2000/XP)
This setting controls RFC 1323 timestamps and window scaling options. Timestamps and Window scaling are enabled by default, but can be manipulated with flag bits.
Control Selective Acknowledgement (SACK) Operation (Windows NT/2000/XP)
This parameter controls whether or not Selective ACK (SACK - RFC 2018) support is enabled. With SACK enabled (default), a packet or series of packets can be dropped, and the receiver informs the sender which data has been received, and where there may be "holes" in the data.
Control Windows Treatment of Priority TCP/IP Data (Windows NT/2000/XP)
This parameter determines whether TCP uses the RFC 1122 specification for urgent data or the mode used by BSD- derived systems. The two mechanisms interpret the urgent pointer in the TCP header and the length of the urgent data differently.
Specify the Router Packet Queue Size (Windows NT/2000/XP)
This parameter determines the number of IP packet headers allocated for the router packet queue. When all headers are in use, the router will begin to discard packets at random from the queue.
Control Keep Alive Parameters (Windows NT/2000/XP)
These settings control how Windows manages connection keep alive transmissions. Including the timeout before keepalives are sent and the interval between keepalive transmissions.
Specify the Conformance Level for IP Multicast (Windows NT/2000/XP)
This parameter determines to what extent the system supports IP multicasting and participates in the Internet Group Management Protocol, RFC 1112.
Enable Dead Gateway Detection (Windows NT/2000/XP)
This setting specifies whether Windows should automatically detect and use an alternate gateway in the event of transmiting a segment several times without receiving a response.
| 
Registry
Features