Skip to main content

Posts

Showing posts from April, 2010

Hardening the TCP/IP Stack

I had to spend some time today writing a registry file that would harden the TCP/IP stack. I did not want to manually update all the servers so figured I would just set up a registry file to do it for me. Below is the setting you can put in a .reg file to harden the stack. REMINDER : this comes with no warranty and you should always backup your registry before you make any changes. Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters] "SynAttackProtect"=dword:00000002 "TcpMaxPortsExhausted"=dword:00000001 "TcpMaxHalfOpen"=dword:000001f4 "TcpMaxHalfOpenRetried"=dword:00000190 "TcpMaxConnectResponseRetransmissions"=dword:00000002 "TcpMaxDataRetransmissions"=dword:00000002 "EnablePMTUDiscovery"=dword:00000000 "KeepAliveTime"=dword:000493e0 [HKEY_LOCAL_MACHINE\SYSTEM\Curren