Skip to main content

Posts

Showing posts from April, 2010

Hardening the TCP/IP Stack

I had to spend some time today writing a registry file that would harden the TCP/IP stack. I did not want to manually update all the servers so figured I would just set up a registry file to do it for me. Below is the setting you can put in a .reg file to harden the stack. REMINDER : this comes with no warranty and you should always backup your registry before you make any changes.Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters]
"SynAttackProtect"=dword:00000002
"TcpMaxPortsExhausted"=dword:00000001
"TcpMaxHalfOpen"=dword:000001f4
"TcpMaxHalfOpenRetried"=dword:00000190
"TcpMaxConnectResponseRetransmissions"=dword:00000002
"TcpMaxDataRetransmissions"=dword:00000002
"EnablePMTUDiscovery"=dword:00000000
"KeepAliveTime"=dword:000493e0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\N…