Windows Server 2003 Tuned Security & Speed Tcp/IP (all) Parameters List fully doc
Posted by Alec§taar

Windows Registry Editor Version 5.00

;============================================================================================================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
;************************************************************************************************************
;============================================================================================================
;USEFUL GENERIC URLS LIST FROM MICROSOFT FOR SECURITY PURPOSES USED IN THIS PREBUILT .REG FILE DOCUMENT
;============================================================================================================
;Microsoft Windows Server 2003 TCP/IP Implementation Details MAIN PAGE:
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx
;------------------------------------------------------------------------------------------------------------
;------------------------------------------------------------------------------------------------------------
;Microsoft Windows Server 2003 TCP/IP Implementation Details Parameters:
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;------------------------------------------------------------------------------------------------------------
;------------------------------------------------------------------------------------------------------------
;SECURITY CONSIDERATIONS FOR NETWORK ATTACKS:
;http://www.microsoft.com/technet/archive/security/prodtech/windows/iis/dosrv.mspx
;------------------------------------------------------------------------------------------------------------
;------------------------------------------------------------------------------------------------------------
;TCP Transport Entries (all esoteric/unusual settings found here):
;http://support.microsoft.com/kb/q102973/
;------------------------------------------------------------------------------------------------------------
;------------------------------------------------------------------------------------------------------------
;TCP/IP Exploits & Countermeasures for Win2k Server:
;http://www.microsoft.com/technet/security/guidance/secmod150.mspx
;------------------------------------------------------------------------------------------------------------
;------------------------------------------------------------------------------------------------------------
;Network Hardening & Security - Packet filtering Udp/Tcp - PortsAllowed + EnableSecurityFilters:
;http://www.microsoft.com/technet/security/guidance/legsgch3.mspx
;------------------------------------------------------------------------------------------------------------
;------------------------------------------------------------------------------------------------------------
;Prevent Session Hijacking
;http://www.microsoft.com/technet/technetmag/issues/2005/01/sessionhijacking/default.aspx
;------------------------------------------------------------------------------------------------------------
;------------------------------------------------------------------------------------------------------------
;ADDITIONAL REGISTRY SETTINGS - FOR AFD SETTINGS (ESPECIALLY):
;http://www.microsoft.com/technet/security/guidance/secmod57.mspx
;------------------------------------------------------------------------------------------------------------
;------------------------------------------------------------------------------------------------------------
;FOR TUNING PARAMETERS FOR SPEED FOR CABLEMODEM/DSL vs. 57.6k/33.6k/28.8k/14.4k DIALUP MODEMS:
;http://www.speedguide.net
;------------------------------------------------------------------------------------------------------------
;------------------------------------------------------------------------------------------------------------
;APK Security & Online Speed Tuning Guide:
;http://www.avatar.demon.nl/APK.html
;------------------------------------------------------------------------------------------------------------
;------------------------------------------------------------------------------------------------------------
;APK Local System Performance Tuning Guide:
;http://www.avatar.demon.nl/APKTuneup.html
;------------------------------------------------------------------------------------------------------------
;------------------------------------------------------------------------------------------------------------
;Winsock 2 parameters explanations:
;http://www.sockets.com/winsock.htm
;------------------------------------------------------------------------------------------------------------
;------------------------------------------------------------------------------------------------------------
;Documentation for WinSock2 by Microsoft (i.e.-> API for Microsoft reimplementation of the FreeBSD IP Stack):
;ftp://ftp.microsoft.com/bussys/winsock/winsock2/
;------------------------------------------------------------------------------------------------------------
;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;APK FORMAT IN DOCUMENTING EACH POSSIBLE Tcp/IP stack entry (performance & security) tuning generic header
;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;"ENTRY NAME"=dword:Hex, Bin, or String Values (by param type)
;URL for specific tuning & default setting information (usually Microsoft &/or Speedguide + APK URL Guides)
;Function + Description (MS) & use of settings for security &/or performance (APK)
;DEFAULT SETTING LISTED
;TWEAK PARAMETER SETTING (in place or not)
;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;************************************************************************************************************
;BRAND NEW SETTINGS FOR WINDOWS SERVER 2003...apk
;************************************************************************************************************
;============================================================================================================
"UdpNumconnections"=dword:00000040
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Specifies the maximum # of UDP endpoints.
;
;DEFAULT 64
;
;TWEAK PARAMETERS: tuned 00000040 hex value (64 decimal) above - default
;
;============================================================================================================
;============================================================================================================
"TcpNumconnections"=dword:00000080
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This limits the maximum # of connects that TCP can have open simultaneously.
;
;If the value of this entry is 0, you cannot establish any connects. Would be a heck of a registry hack for a virus
;
;Acceptable Ranges -> 0–0xFFFFFE
;
;DEFAULT = 0xFFFFFE
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;The default value of 16 million is probably a good value as it limits max concurrent connects,
;though it seems that the value only has importance in early versions of NT4
;============================================================================================================
"BroadcastType"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines whether broadcast packets contain all 0's or all 1's as the broadcast address. The most common
;broadcast type is all 1's. The all-0's setting is provided for compatibility w/ BSD 4.2 systems.
;
;DEFAULT 0
;
;TWEAK PARAMETERS: tuned default
;
;============================================================================================================
"RouterMTU"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Specifies the maximum transmission unit size that should be used when the destination IP address is on a
;different subnet. Each interface used by TCP/IP may have a different RouterMTU value specified.
;In many implementations, the value of RouterMTU is set to 576 octets. This is the minimum size that must
;be supported by any IP node. Because modern routers can usually handle MTUs larger than 576 octets, the
;default value for this is the same value as that used by MTU.
;
;DEFAULT 0
;
;TWEAK PARAMETERS: tuned default
;
;============================================================================================================
"Trailers"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Specifies whether the trailer format is used. This feature provides compatibility w/ BSD 4.2 systems.
;When this feature is enabled, TCP/IP header information follows the data area of IP packets.
;
;DEFAULT 0
;
;TWEAK PARAMETERS: tuned default
;
;============================================================================================================
;************************************************************************************************************
;START NORMAL ENTRIES SECTION PER MICROSOFT WINDOWS SERVER 2003 STANDARD TCP/IP PARAMETERS ENTRIES...apk
;************************************************************************************************************
;============================================================================================================
"DeadGWDetectDefault"=dword:00000001
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Specifies whether the computer detects nonfunctional gateways.
;
;DEFAULT 1 (on/true) on Windows 2003 Server
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"DontAddDefaultGatewayDefault"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Specifies whether the computer uses the default gateway.
;
;DEFAULT 0 (off/false) on Windows 2003 Server
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"EnableDeadGWDetect"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;When this is set to 1, TCP is allowed to perform dead-gateway detection. W/ this feature enabled,
;TCP may ask IP to change to a backup gateway if a # of connects are experiencing difficulty.
;Backup gateways may be defined in the advanced properties of the TCP/IP protocol. See the
;“Dead Gateway Detection” section in this paper for details.
;
;DEFAULT = 0 (off/false boolean switch)
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"EnableICMPRedirect"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;http://www.microsoft.com/technet/security/guidance/secmod57.mspx
;http://www.microsoft.com/technet/security/guidance/secmod150.mspx
;
;This controls whether Windows Server 2003 alters its routing table in response to Internet
;Control Message Protocol (ICMP) messages that instruct it to direct datagrams for the recipient along a
;different route.
;
;ICMP provides a means by which a host sending IP datagrams can be informed about delivery
;issues. ICMP doesnt guarantee delivery of IP datagrams (that kind of error correction is left to
;higher level protocols, like TCP), but rather, it allows network devices, like a router, to tell a
;sending computer about delivery errors, to suggest shorter routes to a destination, & to assist
;in probing the network. For more information about ICMP, see RFC 792 Internet Control Message
;Protocol, and RFC 1122 Requirements for Internet Hosts—Communication Layers.
;
;Windows Server 2003 accepts redirection messages from any host in the route between this
;computer & the destination computer, & not just first-hop routers. Accepting redirection from
;only first-hop routers causes problems in some scenarios involving Routing & Remote Access Server (RAS).
;
;DEFAULT = 0 (on/true) on Windows 2003 Server
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"EnablePMTUDiscovery"=dword:00000001
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;EnablePMTUDiscovery determines whether TCP uses a fixed, default maximum transmission unit (MTU) or attempts
;to detect the actual MTU.
;
;By discovering the Path MTU & limiting TCP segments to this size, TCP can eliminate fragmentation
;at routers connecting networks w/ different MTUs. Fragmentation reduces TCP throughput &
;increases network congestion.
;
;By default, this entry applies to all interfaces. However, the MTU can be reduced for any particular
;interface by changing the default value of the MTU entry in the subkey for that interface.
;
;When this is set to 1 (true) TCP attempts to discover the Maximum Transmission Unit (MTU), or
;largest packet size, over the path to a remote host. By discovering the Path MTU (PMTU) & limiting TCP
;segments to this size, TCP can eliminate fragmentation at routers along the path that connect networks
;w/ different MTUs. Fragmentation adversely affects TCP throughput & network congestion. Setting this
;parameter to 0 (not recommended) causes an MTU of 576 bytes to be used for all connects that are not
;to destinations on a locally attached subnet.
;
;EXPLANATIONS & EXAMPLES
;
;AUTOMATED CHANGE METHODS VIA GUI IN OPERATING SYSTEM TIPS
;
;DEFAULT = 1 (on/true) Win2k doesnt add this entry to the registry. Added by registry edit or by
;using a program that edits the registry.
;not present in registry @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;0 = TCP uses an MTU of 576 bytes for all connects to computers outside the local subnet.
;1 = TCP attempts to discover the MTU of the path to a remote host.
;
;MTU explained:
;
;Reduces the size of the maximum transmission unit (MTU) that TCP/IP uses for the network interface.
;The value of this entry takes precedence over the MTU that the network adapter detects dynamically.
;The MTU is the size of the largest packet that can be transmitted over the underlying network,
;including the size of the transport header. The MTU is configured separately for each interface.
;To prevent fragmentation, the MTU should be large enough to hold any IP datagram in a single frame.
;IP datagrams larger than the MTU are divided into fragments whose size is a multiple of eight octets.
;The fragments travel separately to the destination computer, where they are reassembled before the
;datagram is processed.
;
;MTU detection is determined for all interfaces by the value of the EnablePMTUDiscovery entry. By
;default, the network adapter for each interface detects the largest MTU that the interface can transmit,
;& it uses that MTU for its transmissions. However, if MTU detection is disabled (that is, the value of
;EnablePMTUDiscovery is 0), the system uses a fixed MTU of 576 bytes. If you change the default
;value of the MTU entry, you override either setting as it pertains to the interface represented by this
;subkey.
;
;0x44 (68 bytes) - dynamically determined MTU. Specifies the MTU used for the network interface.
;This value overrides the MTU that the network adapter dynamically determines.
;
;0xFFFFFFFF (or any value greater than the dynamically-determined MTU) - Use the dynamically-determined MTU.
;
;If you enter a value greater than the dynamically-determined MTU, the system uses the value of the
;dynamically-determined MTU instead. You can use this entry to reduce, but not to increase, the size
;of the MTU.
;
;In general, replacing a dynamically-determined value w/ a fixed value degrades the performance of
;the operating system. Do not change the value of this entry unless the detected MTU is not
;compatible w/ the network media.
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"EnableSecurityFilters"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines whether TCP/IP filters datagrams & TCP sync characters (SYNs).
;
;If the value of this entry is 1, TCP/IP filters all incoming User Datagram Protocol (UDP)
;datagrams, raw IP datagrams, & TCP SYNs. You can customize the filtering for each interface
;by using the UdpAllowedPorts, TcpAllowedPorts, & RawIpAllowedProtocols entries.
;
;UdpAllowedPorts, TcpAllowedPorts, & RawIPAllowedProtocols
;only appear IF turned on via GUI & default 0 (off)
;
;To change the value of this entry, use Network & Dial-up connects. Right-click Local Area
;Connection, click Properties, click Internet Protocol (TCP/IP), & then click the Properties
;button. On the Internet Protocol (TCP/IP) Properties page, click the Advanced button, click
;the Options tab, click TCP/IP filtering, & then click Properties. This entry is associated w/
;the Enable TCP/IP Filtering (All adapters) check box.
;
;BUT IS VISIBLE BY DEFAULT @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;but its working parameters of TcpAllowedPorts & UdpAllowedPorts are what make it actually work specific
;to ports you allow in on for:
;UDPAllowedPorts (IP protocol 17, default 0/off/false all Udp Datagrams accepted)
;or
;TCPAllowedPorts (IP protocol 6, default 0/off/false accepts ALL Syn for Ack by local system (ack) receipt).
;
;(See each below next because I put them next to this, to
;understand better what is meant!... apk)
;
;DEFAULT = 0 (off/false) on Windows 2003 Server
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"IPEnableRouter"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;When the value of this entry is 1, the system routes IP packets to
;all networks to which it is connected.... apk
;
;THIS ENABLES IP FORWARDING... apk
;
;DEFAULT = 0 (off/false) on Windows Server 2003
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"UseDomainNameDevolution"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Stores configuration data for the policy setting Primary DNS Suffix Devolution.
;
;Determines whether the DNS client performs name devolution.
;
;By default, when a query fails for a name to which a primary DNS suffix has been attached,
;the DNS client drops the left-most label of the primary DNS suffix on each successive attempt,
;making the query more general. This is known as name devolution.
;
;For example, if the primary DNS suffix ooo.aaa.reskit.com is attached to the name reskituser
;& if the query for reskituser.ooo.aaa.reskit.com fails, the DNS client devolves
;(drops the left-most label) the primary DNS suffix & submits a query for reskituser.aaa.reskit.com.
;The DNS client devolves the primary DNS suffix on each attempt until the name is successfully
;resolved or the name to be submitted has fewer than 2 labels.
;
;To change the value of this entry, use the Group Policy Object Editor (Gpedit.msc). The corresponding
;policy is located in Administrative Templates\Network\DNS Client.
;
;(Same as Tcp/IP Properties, Advanced, DNS Tab, Clearing of Append parent suffixes of the primary DNS suffix)
;
;DEFAULT = 1 (on/true) on Windows Server 2003
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"KeepAliveTime"=dword:00023280
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;The parameter controls how often TCP attempts to verify that an idle connection is still intact by sending
;a keep-alive packet. If the remote system is still reachable & functioning, it acknowledges the keep-alive
;transmission. Keep-alive packets are not sent by default. This feature may be enabled on a connection by
;an application.
;
;This entry is used when the remote system is responding to TCP. Otherwise, the interval between
;transmissions is determined by the value of the KeepAliveInterval entry.
;
;By default, keep-alive transmissions are not sent. The TCP keep-alive feature must be enabled by a program
;such as Telnet, or by an Internet browser, such as Internet Explorer.
;
;DEFAULT = 7,200,000 (2 hours)
;
;TWEAK PARAMETERS: tuned
;300,000 hours per Microsoft URL above...apk
;
;============================================================================================================
"PerformRouterDiscovery"=dword:00000002
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This controls whether Windows Server 2003 attempts to perform router discovery per RFC 1256 on
;a per-interface basis. See also SolicitationAddressBcast.
;
;Router discovery solicits router information from the network. The system adds the information retrieved
;to the route table. The router discovery method is specified in RFC 1256, ICMP Router Discovery Messages.
;
;Acceptable Ranges -> 0, 1, 2
;
;0 (disabled)
;1 (enabled)
;2 (enable only if DHCP sends the router discover option)
;
;DEFAULT = 2, DHCP-controlled off by default. (for Win2k is 1 default & doesnt visibly add it, but in use)
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpMaxDataRetransmissions"=dword:00000006
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines how many times TCP retransmits an unacknowledged data segment on an existing
;connection. TCP retransmits data segments until they are acknowledged or until this value expires.
;
;TCP/IP adjusts the frequency of retransmissions over time. TCP establishes an initial retransmission
;interval by measuring the round trip time on the connection. The interval doubles w/ each successive
;retransmission on a connection, & it is reset to the initial value when responses resume.
;
;This entry is also used in the Windows algorithm for defining non-operational (dead) gateways.
;A given connection defines a gateway as dead (& switches to the next gateway in the list stored
;in the value of the DefaultGateway or DhcpDefaultGateway entries) when a packet sent to the
;gateway must be retransmitted more than half of the # of times specified in the value of this
;entry. The system defines a gateway as dead when more than 25 percent of its connects have
;switched to the next default gateway in the list.
;
;This entry determines how many times TCP retransmits data segments. The maximum # of
;retransmissions of requests for new connects is determined by the value of the
;TcpMaxConnectRetransmissions entry.
;
;Win2k doesnt add this entry to the registry. You can add it by editing the registry or by
;using a program that edits the registry.
;
;Range 0x0–0xFFFFFFFF
;
;DEFAULT = 5
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"SynAckProtect"=dword:00000001
;------------------------------------------------------------------------------------------------------------
;
;DOS/DDOS protection method
;A value of 2 will disable Windows Scaling (Tcp1323Opts=3) & it is not supported by WinXP/2003
;
;DEFAULT = 0 (off/False boolean switch) Recommend 1 or 2
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"SynAttackProtect"=dword:00000002
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;DOS/DDOS protection method
;SYN attack protection involves reducing the amount of retransmissions for the SYN-ACKS, which will reduce
;the time for which resources have to remain allocated. The allocation of route cache entry resources is
;delayed until a connection is made & the connection indication to AFD is delayed until the three-way
;handshake is completed. Note that the actions taken by the protection mechanism only occur if the
;TcpMaxHalfOpen & TcpMaxHalfOpenRetried settings are exceeded.
;
;Determines whether the SYN flooding attack protection feature of TCP/IP is enabled. SYN flooding attack
;protection is enabled when the value of this entry is 1 & the value of the
;TcpMaxConnectResponseRetransmissions entry is at least 2 (see note below).
;
;NOTE - This value is used only when the # of SYN-ACK retransmissions is likely to impair the server,
;that is, when the value of the TcpMaxConnectResponseRetransmissions entry is at least 2.
;
;The SYN flooding attack protection feature of TCP detects symptoms of denial-of-service attacks
;(also known as SYN flooding), & it responds by reducing the time the server spends on connection
;requests that it cannot acknowledge.
;
;Acceptable Ranges -> 0, 1
;
;0 (no SYN attack protection) SYN flooding attack protection is not enabled.
;1 (reduced retransmission retries & delayed RCE [route cache entry] creation if the TcpMaxHalfOpen &
;   TcpMaxHalfOpenRetried settings are satisfied & a delayed indication to Winsock is made.)
;   SYN flooding attack protection is enabled.
;
;DEFAULT = 0 (on/true boolean switch) Recommend 1
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TCPMaxPortsExhausted"=dword:00000005
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines how many connection requests the system can refuse before TCP/IP initiates SYN flooding attack
;protection. The system must refuse all connection requests when the reserve of open connection ports runs out.
;This entry is used only when SYN flooding attack protection is enabled on this server, that is, the value of
;the SynAttackProtect entry is 1 & the value of the TcpMaxConnectResponseRetransmissions entry is at least 2.
;
;This entry establishes one of three configurable thresholds that, if exceeded, trigger TCP's SYN attack
;flooding protection feature. Because SYN flooding often consumes all reserved connection ports, TCP
;interprets an elevated # of connection refusals & a depleted port reserve as a symptom of SYN flooding.
;
;The other 2 thresholds are:
;
;1.) The total # of connects in half-open (SYN-RCVD) state exceeds the value of the TcpMaxHalfOpen entry.
;
;2.) The # of connects remaining in half-open (SYN-RCVD) state even after a connection request has
;    been retransmitted exceeds the value of the TcpMaxHalfOpenRetried entry.
;
;Note - If the value of this entry is 0, SYN flooding protection is triggered as soon as the backlog of
;connection ports is consumed.
;
;RELATED ENTRIES - SynAttackProtect (above & default), TcpMaxConnectResponseRetransmissions (next below),
;TCPMaxHalfOpen, & TCPMaxHalfOpenRetried (below, non-std.)
;
;Acceptable Ranges -> 0x0–0xFFFF
;
;DEFAULT = 0x5
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpMaxConnectResponseRetransmissions"=dword:00000002
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This controls the # of times that a SYN-ACK is retransmitted in response to a connection
;request if the SYN is not acknowledged. If this value is greater than or equal to 2, the stack employs
;SYN attack protection internally. If this value is less than 2, the stack doesnt read the registry
;values at all for SYN attack protection.
;
;TCP/IP adjusts the frequency of retransmissions over time. The delay between the first & second
;retransmission is three seconds. This delay doubles after each attempt. After the final attempt,
;TCP/IP waits for an interval equal to double the last delay, & then it closes the connection request.
;
;See SynAttackProtect, TCPMaxPortsExhausted (above), TCPMaxHalfOpen, +
;TCPMaxHalfOpenRetried (below, non-std.)
;
;Acceptable Ranges -> 0-255
;
;DEFAULT = At least 2 for SynAckProtect & SynAttackProtect to work + TcpMaxPortsExhausted above @ TOP
;to work right & defend the system against DOS/DDOS attacks...apk
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"DisableIPSourceRouting"=dword:00000002
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;IP source routing is a mechanism allowing the sender to determine the IP route that a datagram should take
;through the network, used primarily by tools such as tracert.exe & ping.exe. IP source routing is
;disabled by default.
;
;Valid Range: 0, 1, 2
;
;0 - forward all packets
;1 - do not forward Source Routed packets
;2 - drop all incoming Source Routed packets
;
;DEFAULT = 1 (not a boolean; one of the three values above), 2 recommended
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"ReservedPorts"=hex(7):33,00,33,00,34,00,33,00,2d,00,33,00,33,00,34,00,33,00,\
  00,00,00,00
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Allows ports to be reserved so that they are not handed out from the ephemeral (dynamic) range, 1025
;through MaxUserPort (default 5000). This is useful for apps that need a specific port range kept free
;for their own listeners. (The hex(7) multi-string above decodes to the single range "3343-3343".)
;
;Acceptable Ranges -> xxxx-yyyy The string uses the format xxxx-yyyy (one port range per multi-string entry).
;
;DEFAULT= (not present)
;
;TWEAK PARAMETERS: tuned TOO NEW & UNIQUE TO WINDOWS 2003... apk
;
;I can see using this to set ephemeral ports usage ranges WAY UP HIGH, nearer to 65535 than usual
;5,000-9,000 range iirc, that I have seen scanning ports used local ones via netstat -ano tests! apk
;
;============================================================================================================
;************************************************************************************************************
;START NON-STD.
ENTRIES SECTION WINDOWS SERVER 2003 TCP/IP PARAMETERS ENTRIES YOU MUST ADD IN YOURSELF...apk
;************************************************************************************************************
;============================================================================================================
"PriorityBoost"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;The priority boost that AFD gives to a thread when it completes I/O for that thread. If a multithreaded
;application experiences starvation of some threads, the problem may be remedied by reducing this value.
;
;Acceptable Ranges -> 0–16
;
;DEFAULT = 2
;Win2k doesn't add this entry to the registry. You can add it by editing the registry.
;NOTE: Microsoft documents this as an AFD parameter, i.e. it belongs under
;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters, not under Tcpip\Parameters;
;a copy placed under Tcpip\Parameters has no effect.
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpMaxHalfOpen"=dword:00000064
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This controls the # of connections in the SYN-RCVD state allowed before SYN-ATTACK protection
;begins to operate. If SynAttackProtect is set to 1, ensure that this value is lower than the AFD listen
;backlog on the port that you want to protect (see backlog parameters in Appendix C for more information).
;See the SynAttackProtect parameter for more details.
;
;Acceptable Ranges -> 100–0xFFFF
;
;DEFAULT = 100 (Professional, Server), 500 (Advanced Server)
;Win2k doesn't add this entry to the registry.
You can add it by editing the registry.
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpMaxHalfOpenRetried"=dword:00000050
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This controls the # of connections in the SYN-RCVD state for which there has been at least
;one retransmission of the SYN-ACK sent, before SYN-ATTACK protection begins to operate.
;See the SynAttackProtect parameter for more details.
;
;Acceptable Ranges -> 80–0xFFFF
;
;DEFAULT = 80 (Professional, Server), 400 (Advanced Server)
;Win2k doesn't add this entry to the registry. You can add it by editing the registry.
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpMaxRetransmissionAttempts"=dword:00000005
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Not a parameter documented on the linked Microsoft page. The retransmission limits that page does
;document are TcpMaxConnectRetransmissions (new connection requests, next below) &
;TcpMaxDataRetransmissions (data on established connections), so this value is most likely ignored by
;the stack; set those two instead if a retransmission limit is what you are after.
;
;Win2k doesn't add this entry to the registry.
You can add it by editing the registry.
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpMaxConnectRetransmissions"=dword:00000002
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines how many times TCP retransmits an unanswered request for a new connection (SYN). TCP
;retransmits new connection requests until they are answered or until this count is exhausted.
;
;TCP/IP adjusts the frequency of retransmissions over time. The delay between the original transmission
;& the first retransmission for each interface is determined by the value of the TcpInitialRTT entry.
;By default, it is three seconds. This delay doubles after each attempt. After the final attempt, TCP/IP
;waits for an interval equal to double the last delay, & then it abandons the connection request.
;
;This entry determines how many times TCP retransmits requests for new connections. When sending
;data on existing connections, the maximum # of retransmissions is determined by the value of
;the TcpMaxDataRetransmissions entry.
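;Worked example, added to this page & not part of the original .reg file or of Microsoft's documentation:
;it models the doubling back-off described above for TcpMaxConnectRetransmissions &
;TcpMaxConnectResponseRetransmissions, & audits a .reg fragment for the SYN-flood preconditions listed
;with TcpMaxPortsExhausted, TcpMaxHalfOpen & TcpMaxHalfOpenRetried. The fragment is constructed from the
;values in this file, SynAttackProtect is assumed to be 1, & nothing touches the live registry; the
;"retried below half-open" check is an assumption drawn from the documented defaults (80 < 100, 400 < 500).

```python
# Added example (not part of the original .reg file): models the retransmission
# back-off described above and checks that the SYN-flood protection values in a
# .reg fragment are mutually consistent. The .reg text below is constructed from
# the values on this page; no registry access is performed.
import re

INITIAL_RTT_SECONDS = 3  # TcpInitialRTT default: delay before the first retransmission


def retransmit_schedule(max_retransmissions, initial_rtt=INITIAL_RTT_SECONDS):
    """Seconds after the original send at which each retransmission goes out.

    First retransmission after initial_rtt, each later one after twice the
    previous delay (the back-off documented for both TcpMaxConnectRetransmissions
    and TcpMaxConnectResponseRetransmissions)."""
    times, delay, elapsed = [], initial_rtt, 0
    for _ in range(max_retransmissions):
        elapsed += delay
        times.append(elapsed)
        delay *= 2
    return times


def abandon_after(max_retransmissions, initial_rtt=INITIAL_RTT_SECONDS):
    """Seconds until TCP gives up on the request: after the final retransmission it
    waits twice the last delay, then abandons it. For a SYN-ACK this is how long a
    half-open (SYN-RCVD) entry can stay alive under a SYN flood."""
    if max_retransmissions < 1:
        raise ValueError("need at least one retransmission for the documented back-off")
    schedule = retransmit_schedule(max_retransmissions, initial_rtt)
    last_delay = initial_rtt * 2 ** (max_retransmissions - 1)
    return schedule[-1] + 2 * last_delay


DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})', re.M)


def parse_dwords(reg_text):
    """Map of value name -> int for every REG_DWORD line in a .reg fragment."""
    return {m["name"]: int(m["hex"], 16) for m in DWORD_RE.finditer(reg_text)}


def audit_syn_protection(values):
    """Findings (empty list = consistent) for the SYN-attack settings, using the
    ranges and defaults quoted on this page. The 'retried below half-open' check is
    an assumption taken from the documented defaults (80 < 100, 400 < 500)."""
    findings = []
    resp = values.get("TcpMaxConnectResponseRetransmissions", 2)
    if values.get("SynAttackProtect") == 1 and resp < 2:
        findings.append("SynAttackProtect=1 is ignored: TcpMaxConnectResponseRetransmissions must be >= 2")
    if not 0 <= resp <= 255:
        findings.append("TcpMaxConnectResponseRetransmissions outside 0-255")
    half_open = values.get("TcpMaxHalfOpen", 100)
    retried = values.get("TcpMaxHalfOpenRetried", 80)
    if not 100 <= half_open <= 0xFFFF:
        findings.append("TcpMaxHalfOpen outside 100-0xFFFF")
    if not 80 <= retried <= 0xFFFF:
        findings.append("TcpMaxHalfOpenRetried outside 80-0xFFFF")
    if retried >= half_open:
        findings.append("TcpMaxHalfOpenRetried should stay below TcpMaxHalfOpen")
    if not 0 <= values.get("TcpMaxPortsExhausted", 5) <= 0xFFFF:
        findings.append("TcpMaxPortsExhausted outside 0-0xFFFF")
    return findings


# Constructed sample: the values this page sets (SynAttackProtect assumed = 1).
SAMPLE_REG = '''
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters]
"SynAttackProtect"=dword:00000001
"TcpMaxPortsExhausted"=dword:00000005
"TcpMaxConnectResponseRetransmissions"=dword:00000002
"TcpMaxHalfOpen"=dword:00000064
"TcpMaxHalfOpenRetried"=dword:00000050
"TcpMaxConnectRetransmissions"=dword:00000002
'''

if __name__ == "__main__":
    vals = parse_dwords(SAMPLE_REG)
    print("findings:", audit_syn_protection(vals) or "none")
    for n in (2, 3, 5):
        print(f"{n} SYN-ACK retransmissions: sent at {retransmit_schedule(n)}s, dropped after {abandon_after(n)}s")
```

;With the values in this file a half-open entry lives 21 seconds (SYN-ACK resent at 3 s & 9 s, dropped at
;21 s); every extra retransmission more than doubles that hold time (3 -> 45 s, 5 -> 189 s), which is the
;whole reason the count is kept low on a server that expects to be flooded.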
;
;DEFAULT = 2 (Range 0-255)
;default not present in registry @
;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
;UdpAllowedPorts (multi_sz/multi-string value table edited by regedit.exe or regedt32.exe)
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Specifies the UDP ports on which incoming IP datagrams are accepted on this interface when
;security filtering is enabled. Security filtering is enabled when the value of the
;EnableSecurityFilters entry is 1 (see above).
;
;Blank, but present (multi_sz with no data) = NO UDP datagrams are accepted on this interface
;0 (DEFAULT false/off (or not in the registry)) = ALL UDP datagrams accepted
;List of UDP port #s (one per multi_sz entry, via the multi-string editor in regedit.exe/regedt32.exe)
; = only datagrams arriving on those ports are accepted
;
;To change the value of this entry, use Network & Dial-up Connections. Right-click Local Area
;Connection, click Properties, click Internet Protocol (TCP/IP), & then click the Properties
;button. On the Internet Protocol (TCP/IP) Properties page, click the Advanced button, click
;the Options tab, click TCP/IP filtering, click Properties & then, just above the UDP Ports
;box, click Permit Only. This entry is associated w/ the values added to the UDP Ports list on
;this page.
;
;IP PROTOCOL VALUE = 17 (UDP)
;
;There is no defined or predictable response when the value of this entry includes a zero
;together w/ port #s. Do not combine these values in this entry.
;
;Microsoft keeps this value (& TcpAllowedPorts) per interface, under
;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<interface GUID>,
;which is why it is not found directly under Tcpip\Parameters.
;
;NOT PRESENT FOR DIALUP NETWORK connections EITHER UNLESS "HACKED IN" via regedit OR regedt32
;Multi_SZ capable editor...
apk
;
;MAY AFFECT SOME GAMES IF THIS IS TURNED OFF AS MANY GAMES UTILIZE IT FOR ONLINE PLAY SINCE
;IT DOESN'T VALIDATE PACKETS FOR SPEED WHEREAS TCP/IP DOES & IS NOT NECESSARY FOR GAMES
;& IS A "SLOWER" BUT MORE SECURE/RELIABLE PROTOCOL... apk
;
;DEFAULT = 0 (off/false) & not present unless EnableSecurityFilters present 1st on Windows 2003 Server
;& not typically visible by default @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;& EnableSecurityFilters which turns this on is typically 0, off by default as well
;
;TWEAK PARAMETERS: tuned
;ADD PORTS AS NEEDED HERE TO BLOCKOUT/FILTER TO SUPPLEMENT NAT "firewalling" routers (before IP stack)
;& SOFTWARE FIREWALL PROGRAMS (after IP stack) & this sits right @ the IP Stack level... apk
;(NOTE: this is a PERMIT-ONLY list, not a block list: the ports you add are the ones accepted & every
;port you leave out is dropped, so list what must stay reachable, not what you want blocked.)
;============================================================================================================
;TcpAllowedPorts (multi_sz/multi-string value table edited by regedit.exe or regedt32.exe)
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Specifies the TCP ports on which incoming connection requests (SYNs) are accepted on this interface when
;security filtering is enabled. Security filtering is enabled when the value of the
;EnableSecurityFilters entry is 1 (see above).
;
;Blank, but present (multi_sz with no data) = NO SYNs are accepted on this interface
;0 (DEFAULT false/off (or not in the registry)) = All SYNs are accepted
;List of TCP port #s (one per multi_sz entry, via the multi-string editor in regedit.exe/regedt32.exe)
; = only SYNs arriving on those ports are accepted
;
;To change the value of this entry, use Network & Dial-up Connections. Right-click Local Area
;Connection, click Properties, click Internet Protocol (TCP/IP), & then click the Properties
;button.
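;Added example (not from the original file or from Microsoft): a decoder/encoder for the hex(7) REG_MULTI_SZ
;form that ReservedPorts above & the two *AllowedPorts lists use, a validator for the xxxx-yyyy reserved
;ranges, & the accept rule documented for the allowed-ports lists. It assumes the "blank list = accept
;nothing" rule spelled out for TcpAllowedPorts also holds for UdpAllowedPorts, & the port lists it filters
;are constructed rather than read from a registry.

```python
# Added example, not from the original .reg file: decode/encode the hex(7)
# (REG_MULTI_SZ) form that ReservedPorts, TcpAllowedPorts and UdpAllowedPorts use,
# and apply the accept rules documented above for the allowed-ports lists. The
# "blank list = accept nothing" rule is stated above for TcpAllowedPorts and is
# assumed to hold for UdpAllowedPorts as well. All sample data is constructed.
import re

# hex(7) body exactly as it appears in the ReservedPorts line of this page
RESERVED_PORTS_HEX7 = "33,00,33,00,34,00,33,00,2d,00,33,00,33,00,34,00,33,00,\\\n  00,00,00,00"


def decode_multi_sz(hex7_body):
    """'33,00,...,00,00,00,00' -> list of strings.
    REG_MULTI_SZ is UTF-16LE, each string NUL-terminated, list ended by an extra NUL;
    .reg line continuations ('\\' + newline + spaces) are tolerated."""
    raw = bytes(int(tok, 16) for tok in re.split(r"[,\s\\]+", hex7_body.strip()) if tok)
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def encode_multi_sz(strings):
    """Inverse of decode_multi_sz, producing the comma-separated hex(7) body on one line."""
    raw = b"".join(s.encode("utf-16-le") + b"\x00\x00" for s in strings) + b"\x00\x00"
    return ",".join(f"{b:02x}" for b in raw)


RANGE_RE = re.compile(r"^(\d{1,5})-(\d{1,5})$")


def parse_reserved_ports(strings):
    """ReservedPorts entries must be 'xxxx-yyyy'; returns [(low, high), ...]."""
    ranges = []
    for s in strings:
        m = RANGE_RE.match(s.strip())
        if not m:
            raise ValueError(f"ReservedPorts entry {s!r} is not in xxxx-yyyy form")
        low, high = int(m.group(1)), int(m.group(2))
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"ReservedPorts range {s!r} is not a valid port range")
        ranges.append((low, high))
    return ranges


def port_is_reserved(port, ranges):
    """True if the dynamic-port allocator must skip this port."""
    return any(low <= port <= high for low, high in ranges)


def port_accepted(port, allowed, security_filters_enabled=True):
    """Accept rule for TcpAllowedPorts (SYNs) / UdpAllowedPorts (datagrams):
    filtering off -> everything accepted; list present but empty -> nothing accepted;
    ['0'] -> everything accepted; otherwise only the listed ports. Mixing '0' with
    port numbers is documented as undefined, so it is rejected outright."""
    if not security_filters_enabled:
        return True
    entries = [e.strip() for e in allowed if e.strip()]
    if not entries:
        return False
    if "0" in entries:
        if len(entries) > 1:
            raise ValueError("'0' must not be combined with port numbers (undefined behaviour)")
        return True
    return str(port) in entries


if __name__ == "__main__":
    reserved = parse_reserved_ports(decode_multi_sz(RESERVED_PORTS_HEX7))
    print("reserved ranges:", reserved)
    print("round trip:", encode_multi_sz(["3343-3343"]))
    tcp_allowed = ["80", "443"]  # constructed TcpAllowedPorts list for a web server
    for p in (80, 443, 3389):
        print(f"SYN to port {p} accepted:", port_accepted(p, tcp_allowed))
```

;Feeding the file's own ReservedPorts bytes through decode_multi_sz gives ["3343-3343"]; the round trip back
;through encode_multi_sz reproduces the hex(7) body, which is a quick way to check a hand-edited multi-string
;before importing the .reg file. Note that a list containing only "0" means "accept everything", so an
;"allow-all" entry left behind from testing silently undoes the filter.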
On the Internet Protocol (TCP/IP) Properties page, click the Advanced button, click
;the Options tab, click TCP/IP filtering, click Properties & then, just above the TCP Ports
;box, click Permit Only. This entry is associated w/ the values added to the TCP Ports list on
;this page.
;
;IP PROTOCOL VALUE = 6 (TCP)
;
;There is no defined or predictable response when the value of this entry includes a zero
;together w/ port #s. Do not combine these values in this entry.
;
;NOT PRESENT FOR DIALUP NETWORK connections EITHER UNLESS "HACKED IN" via regedit/regedt32 Multi_SZ editor
;
;DEFAULT = 0 (off/false) & not typically present unless EnableSecurityFilters present 1st on Win2k3 Server
;not typically visible by default @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;(Microsoft keeps it per interface under Tcpip\Parameters\Interfaces\<interface GUID>)
;& EnableSecurityFilters which turns this on is typically 0, off by default as well
;
;TWEAK PARAMETERS: tuned
;ADD PORTS AS NEEDED HERE TO BLOCKOUT/FILTER TO SUPPLEMENT NAT "firewalling" routers (before IP stack)
;& SOFTWARE FIREWALL PROGRAMS (after IP stack) & this sits right @ the IP Stack level... apk
;(NOTE: this is a PERMIT-ONLY list, not a block list: the ports you add are the ones accepted & every
;port you leave out is dropped, so list what must stay reachable, not what you want blocked.)
;============================================================================================================
"AllowUnqualifiedQuery"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines whether the Domain Name System (DNS) resolver permits unqualified queries.
;
;This controls whether or not the Domain Name Resolver queries the Domain Name Server(s) w/ the
;host name, followed by a dot (.) only (an unqualified query). For example, if your computer is in
;mydomain.com & you ping 'target' (no .org/.com/.gov/.pl/.ca etc. suffix typed), by default the DNS is
;queried for target.mydomain.com only. When this is set to 1, 'target.' (the bare name, w/ no domain
;suffix appended) is also queried.
;
;DEFAULT = 0 (off/false) DO NOT PERMIT UNQUALIFIED QUERIES vs. 1 (on/true) PERMIT THEM
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"PrioritizeRecordData"=dword:00000001
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;http://www.microsoft.com/technet/itsolutions/network/deploy/depovg/tcpip2k.mspx
;http://www.microsoft.com/resources/documentation/windows/2000/professional/reskit/en-us/part4/proch22.mspx
;
;This controls whether or not the Domain Name Resolver sorts the addresses that are returned in
;response to a query for a multihomed host. By default, the DNR sorts addresses that are on the same
;subnet as one of the interfaces in the querying computer to the top of the list.
;This is done to give preference to a common-subnet (non-routed) IP address, when possible.
;
;DEFAULT = 1 (on/true)
;BUT, not visible by default @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"Tcp1323Opts"=dword:00000001
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This controls the use of RFC 1323 Timestamp & Window Scale TCP options. Explicit settings for timestamps
;& window scaling are manipulated w/ flag bits. Bit 0 controls window scaling, & bit 1 controls timestamps.
;
;The default behavior is as follows: do not use the Timestamp & Window Scale options when initiating TCP
;connections but use them if the TCP peer that is initiating communication includes them in the SYN segment.
;
;Window scaling permits TCP to negotiate a scaling factor for the TCP receive window size, allowing for
;a very large TCP receive window of up to 1 GB. The TCP receive window is the amount of data the
;sending host can send at one time on a connection.
;
;Timestamps help TCP measure round trip time (RTT) accurately in order to adjust retransmission
;timeouts. The Timestamps option provides 2 timestamp fields of 4 bytes each in the TCP header,
;one to record the time the initial transmission is sent & one to record the time on the remote host.
;
;This entry is a 2-bit bitmask. The lower bit determines whether scaling is enabled; the higher bit
;determines whether timestamps are enabled. To enable a feature, set the bit representing the feature
;to 1. To disable a feature, set its bit to 0.
;
;Valid ranges = 0, 1, 2, 3
;
;0 (disable RFC 1323 options/Timestamps & window scaling are disabled.)
;1 (window scaling enabled only)
;2 (timestamps enabled only)
;3 (both options enabled)
;
;DEFAULT = not present in registry @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;but 3 is the default even if not visible
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpWindowSize"=dword:0003e900
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines the largest TCP receive window that the system offers. The receive window is the #
;of bytes a sender can transmit w/out receiving an acknowledgment.
;In general, larger receive windows improve performance over high-delay, high-bandwidth networks.
;For greatest efficiency, the receive window should be an even multiple of the TCP Maximum Segment Size (MSS).
;This is both a per-interface parameter & a global parameter, depending upon where the registry
;key is located.
;
;If there is a value for a specific interface, that value overrides the system-wide value.
;See also GlobalMaxTcpWindowSize.
;
;This entry overrides TCP's negotiated maximum receive window size & replaces it w/ the value of this entry.
;
;TCP uses a receive window that is four times the size of the maximum TCP segment size (MSS)
;negotiated during connection setup, up to a maximum size of 64 KB. TCP for Win2k also
;supports window scaling, as detailed in RFC 1323, TCP Extensions for High Performance. Scaling
;enables TCP to provide a receive window of up to 1 GB.
;
;Range: 0–0x3FFFFFFF (1073741823 decimal). In practice the TCP/IP stack will round the # set to
;the nearest multiple of maximum segment size (MSS). Values greater than 64 KB can be achieved
;only when connecting to other systems that support RFC 1323 Window Scaling, which is discussed
;in the "Transmission Control Protocol (TCP)" section of this document.
;
;Default: The smaller of the following values:
;  - 0xFFFF
;  - GlobalMaxTcpWindowSize (another registry parameter)
;  - The larger of (a) four times the MSS & (b) 16384 rounded up to an even multiple of the MSS
;
;The stack also tunes itself based on the media speed:
;  Below 1 Mbps: 8 KB
;  1 Mbps – 100 Mbps: 17 KB
;  Greater than 100 Mbps: 64 KB
;
;The default can start at 17520 for Ethernet, but may shrink slightly when the connection is established
;to another computer that supports extended TCP header options, such as Selective Acknowledgements (SACK)
;& TCP Timestamps, because these options increase the size of the TCP header beyond the usual 20 bytes,
;leaving slightly less room for data.
; ;For Ethernet networks, the default value of this entry is 0x4470 (17,520, or 12 segments of 1,460 bytes ;each). For other networks, the default value is 0xFFFF (65,535) unless 0xFFFF is larger than: ; ; Four times the maximum TCP data size on the network; & ; 0x2000 (8,192) rounded up to an even multiple of the network TCP data size. ; ;This entry determines the maximum receive window size for this interface. When configuring this ;interface, this entry takes precedence over the GlobalMaxTcpWindowSize entry, which establishes ;a maximum window size for all interfaces. ; ;Win2k automatically uses windows scaling if the value of this entry is greater than 64 KB. ;To disable windows scaling, set the value of the Tcp1323Opts entry to 0 or 2. ; ;DEFAULT = not present in registry @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters ;but 0xFFFF is for dialup default & Ethernet = 0x4470 even if not visible ; ;TWEAK PARAMETERS: tuned ; ;============================================================================================================ "GlobalMaxTcpWindowSize"=dword:0003e900 ;------------------------------------------------------------------------------------------------------------ ; ;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA ; ;DESCRIPTION ; ;Determines the largest TCP receive window that the system offers. The receive window is the # ;of bytes a sender can transmit w/out receiving an acknowledgment. This entry takes precedence over ;TCP's negotiated maximum receive window size. ; ;TCP uses a receive window that is four times the size of the maximum TCP segment size (MSS) ;negotiated during connection setup, up to a maximum size of 64 KB. TCP for Win2k also ;supports windows scaling, as detailed in RFC 1323, TCP Extensions for High Performance. Scaling ;enables TCP to provide a receive window of up to 1 GB. 
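;Added example, not from the original file or from Microsoft: it carries through the default-window rule quoted
;under TcpWindowSize (the smaller of 0xFFFF, GlobalMaxTcpWindowSize, & the larger of 4 x MSS & 16384 rounded
;up to a multiple of MSS), applies the nearest-MSS rounding the stack performs on a configured value, & works
;out the RFC 1323 shift count a window above 64 KB needs. It assumes the Ethernet MSS of 1460 & follows the
;16384 form of the rule given in the Default list above.

```python
# Added example, not from the original .reg file: the default-window rule quoted
# above (smaller of 0xFFFF, GlobalMaxTcpWindowSize, and the larger of 4*MSS and
# 16384 rounded up to a multiple of MSS), the MSS rounding the stack applies to a
# configured value, and the RFC 1323 shift count a window over 64 KB needs.
# Assumes Ethernet MSS 1460 and follows the 16384 form of the rule.
import math

ETHERNET_MSS = 1460
MAX_WINDOW = 0x3FFFFFFF          # documented upper bound (about 1 GB)
MAX_WSCALE_SHIFT = 14            # RFC 1323 limit on the window scale shift


def round_up_to_mss(value, mss):
    """Smallest multiple of mss that is >= value."""
    return math.ceil(value / mss) * mss


def default_receive_window(mss=ETHERNET_MSS, global_max=0xFFFF):
    """Default offered receive window per the rule quoted above."""
    floor = max(4 * mss, round_up_to_mss(16384, mss))
    return min(0xFFFF, global_max, floor)


def round_to_nearest_mss(window, mss=ETHERNET_MSS):
    """The stack rounds a configured TcpWindowSize to the nearest multiple of MSS."""
    return int(round(window / mss)) * mss


def window_scale_shift(window):
    """Shift count so that (window >> shift) fits the 16-bit Window field; 0 = no scaling."""
    shift = 0
    while (window >> shift) > 0xFFFF:
        shift += 1
    if shift > MAX_WSCALE_SHIFT:
        raise ValueError("window exceeds what RFC 1323 scaling can advertise")
    return shift


def check_window_setting(window, tcp1323opts, mss=ETHERNET_MSS):
    """Findings (empty = fine) for a TcpWindowSize / GlobalMaxTcpWindowSize value:
    range, need for Tcp1323Opts bit 0 above 64 KB, and MSS alignment."""
    findings = []
    if not 0 <= window <= MAX_WINDOW:
        findings.append(f"0x{window:x} is outside 0-0x{MAX_WINDOW:x}")
    if window > 0xFFFF and not tcp1323opts & 1:
        findings.append("window above 64 KB but window scaling (Tcp1323Opts bit 0) is off")
    if window % mss:
        findings.append(
            f"0x{window:x} is not a multiple of MSS {mss}; stack will use {round_to_nearest_mss(window, mss)}"
        )
    return findings


if __name__ == "__main__":
    print("Ethernet default window:", default_receive_window())   # 17520 = 0x4470, as quoted above
    page_value = 0x3E900                                           # TcpWindowSize set in this file
    print("scale shift needed:", window_scale_shift(page_value))
    print("findings:", check_window_setting(page_value, tcp1323opts=1) or "none")
```

;Run against the values in this file: 0x3e900 (256,256) needs a scale shift of 2, so it only works because
;Tcp1323Opts above keeps bit 0 set; it is not a multiple of 1460 & the stack will use 256,960 instead.
;Setting Tcp1323Opts to 0 or 2 while leaving this window in place silently caps the window at 64 KB.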
; ;For Ethernet networks, the default value of this entry is 0x4470 (17,520, or 12 segments of 1,460 bytes ;each). For other networks, the default value is 0xFFFF (65,535), unless 0xFFFF is larger than each of ;the following: ; ; Four times the maximum TCP data size on the network. ; 0x2000 (8,192), rounded up to an even multiple of the network TCP data size. ; ;This entry determines the default maximum receive window size for all interfaces. When configuring ;any particular interface, the value of the TcpWindowSize entry for that interface takes precedence ;over the value of this entry. ; ;Range = 0x0–0x3FFFFFFF (1073741823 decimal; however, values greater than 64 KB can only be achieved ; when connecting to other systems that support RFC 1323 window scaling, which ; is discussed in the TCP section of this document.) ; ;DEFAULT = NONE really see description above in conjunction w/ TcpWindowSize & Tcp1323Opts ; ;TWEAK PARAMETERS: tuned ; ;============================================================================================================ "TcpMaxDupAcks"=dword:00000002 ;------------------------------------------------------------------------------------------------------------ ; ;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA ; ;Specifies how many duplicate ACKs (ACKs for the same sequence #s) constitute a signal to ;retransmit a segment. If you set the value of this entry to 1, the system retransmits a segment when ;it receives an ACK for a segment w/ a sequence # that is less than the # of the segment ;currently being sent. ; ;This determines the # of duplicate ACKs that must be received for the same sequence # ;of sent data before fast retransmit is triggered to resend the segment that has been dropped in transit. ; ;This is described in more detail in the “Transmission Control Protocol (TCP)” section of this paper. 
;
;When data arrives w/ a sequence # that is greater than expected, the receiver assumes that
;data w/ the expected # was dropped, & it immediately sends an ACK w/ the ACK #
;set to the expected sequence #. The receiver sends ACKs set to the same missing # each
;time it receives a TCP segment that has a sequence # greater than expected. The sender
;recognizes the duplicate ACKs & sends the missing segment.
;
;This entry is used only when the receiver supports the fast retransmit feature. Fast retransmit lets
;TCP retransmit data before the retransmission timer (as set by the value of the TcpInitialRtt entry)
;expires.
;
;Range 1-3
;
;DEFAULT = 2
;but not present in registry @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpInitialRTT"=dword:00000003
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines how long TCP waits to retransmit a connection request if it doesn't receive a response to
;the original request for a new connection.
;
;This value initializes the retransmission timer. It specifies the time that must elapse between the
;original transmission & the first retransmission. On each subsequent retransmission, the previous
;interval is doubled. This strategy assumes that the response is delayed because the connection is slow.
;
;By default, the retransmission timer is initialized to three seconds, & the request (SYN) is
;retransmitted twice, as specified in the value of the TcpMaxConnectRetransmissions entry.
;
;Because the delay between retransmissions grows exponentially, the initial value stored in the value
;of this entry should be very small.
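;Added example, not from the original file: a small receiver/sender model of the duplicate-ACK fast-retransmit
;behaviour TcpMaxDupAcks controls. Sequence numbers are segment indices rather than byte offsets, the
;retransmission timer governed by TcpInitialRTT is represented only as "no fast retransmit happened, so TCP
;would have waited for the timer", & the traffic traces are constructed.

```python
# Added example, not from the original page: a small receiver/sender model of the
# duplicate-ACK fast-retransmit behaviour that TcpMaxDupAcks controls. Sequence
# numbers are segment indices rather than byte offsets, and the retransmission
# timer (TcpInitialRTT) is represented only by "no fast retransmit happened".
# Sample traffic is constructed.


class Receiver:
    """Tracks the next expected segment; out-of-order data is held and acknowledged
    with a repeat of the ACK for the gap (a duplicate ACK)."""

    def __init__(self):
        self.expected = 0
        self.held = set()

    def receive(self, seq):
        """Return the ACK number (= next expected segment) sent back for this segment."""
        if seq == self.expected:
            self.expected += 1
            while self.expected in self.held:      # deliver anything that was waiting
                self.held.remove(self.expected)
                self.expected += 1
        elif seq > self.expected:
            self.held.add(seq)                      # gap: the same ACK number goes out again
        return self.expected


class Sender:
    """Counts duplicate ACKs; on the TcpMaxDupAcks-th duplicate it fast-retransmits the
    segment the ACK names instead of waiting for the retransmission timer."""

    def __init__(self, max_dup_acks=2):
        self.max_dup_acks = max_dup_acks
        self.last_ack = None
        self.dup_count = 0
        self.retransmitted = []

    def on_ack(self, ack):
        """Return the segment to resend now, or None."""
        if ack == self.last_ack:
            self.dup_count += 1
            if self.dup_count == self.max_dup_acks:
                self.retransmitted.append(ack)
                return ack
            return None
        self.last_ack, self.dup_count = ack, 0
        return None


def simulate(arrivals, max_dup_acks=2):
    """Deliver `arrivals` (segment numbers as they reach the receiver; a lost segment is
    simply absent) and return the segments that were fast-retransmitted. An empty list
    for a trace with a gap means TCP would have had to wait for the timer instead."""
    rx, tx = Receiver(), Sender(max_dup_acks)
    for seq in arrivals:
        resend = tx.on_ack(rx.receive(seq))
        if resend is not None:
            tx.on_ack(rx.receive(resend))   # the resent segment arrives and closes the gap
    return tx.retransmitted


if __name__ == "__main__":
    lossy = [0, 1, 3, 4, 5]   # segment 2 never arrives the first time
    print("TcpMaxDupAcks=2 ->", simulate(lossy, 2))          # recovered after two dup ACKs
    print("TcpMaxDupAcks=3 ->", simulate(lossy, 3))          # needs the third dup ACK
    print("short trace, 3  ->", simulate([0, 1, 3, 4], 3))  # too few dup ACKs: timer instead
```

;The last trace shows the trade-off behind the value: w/ TcpMaxDupAcks=3 a gap followed by only two more
;segments never triggers fast retransmit, so the sender sits out the full TcpInitialRTT-based timeout; w/ 2
;(the default kept above) the same trace recovers as soon as the second duplicate arrives.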
A value greater than 3 (seconds) prevents the server from
;expeditiously disposing of unacknowledgeable connection requests.
;
;DEFAULT = 3
;not present in registry @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"EnableFastRouteLookup"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines whether the fast route lookup feature is enabled. Fast route lookups make route searches
;faster, but they use a significant amount of non-pageable memory.
;
;Fast route look-up is enabled if this flag is set. This can make route lookups faster at the expense of
;non-paged pool memory. This flag is used only if the computer runs Windows Server 2003 & falls into the
;medium or large class (in other words, contains at least 64 MB of memory). This
;parameter is created by the Routing & Remote Access service.
;
;DEFAULT = 0 & Win2k doesn't add this entry to the registry. You can add it by editing the registry
;w/ regedit.exe OR regedt32.exe; by default it is not present in the registry
;@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;This entry is used only on Win2k Server computers that have at least 64 MB of physical memory.
;This entry applies only when Routing & Remote Access Service is enabled on the system.
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"FFPControlFlags"=dword:00000001
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines whether Fast Forwarding Path for Offload (FFP) is enabled.
;
;If this is set to 1, Fast Forwarding Path (FFP) is enabled. If it is set to 0, TCP/IP instructs
;all FFP-capable adapters not to do any fast forwarding on this computer. FFP-capable network adapters can
;receive routing information from the stack & forward subsequent packets in hardware w/out passing them
;up to the stack. FFP parameters are located in the TCP/IP registry key, but are actually placed there by
;the Routing & Remote Access service.
;
;DEFAULT = 1 (on/true)
;0 = FFP disabled; FFP-capable adapters are told not to fast-forward.
;1 = FFP enabled. TCP/IP provides for fast forwarding on this system.
;
;Win2k doesn't add this entry to the registry. You add it by editing the registry w/ regedit.exe/regedt32.exe.
;This entry is used only when Routing & Remote Access Service is enabled on this system.
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"FFPFastForwardingCacheSize"=dword:00030d40
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Specifies the maximum amount of system memory that a device driver can allocate to its fast
;forwarding cache. The fast forwarding cache is a section of reserved memory used to support TCP/IP
;fast forwarding.
;
;This entry is used only when fast forwarding is enabled (that is, when the value of the
;FFPControlFlags entry is 1) & the driver uses system memory for its cache. This value doesn't
;apply when the driver uses memory on the device for its cache.
;
;This is the maximum amount of memory that a driver that supports fast forwarding path (FFP) can allocate for
;its fast-forwarding cache if it uses system memory for its cache. If the device has its own memory for
;fast-forwarding cache, this value is ignored.
;
;Acceptable parameter range 0x0–0xFFFFFFFF (bytes)
;
;DEFAULT = 0x19000 (102,400)
;Win2k doesn't add this entry to the registry. You can add it by editing the registry w/
;regedit.exe/regedt32.exe. Is used, but not present @
;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"ForwardBufferMemory"=dword:00019df7
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines the size of the buffer that IP allocates for storing packet data in the router packet queue.
;Because packet queue data buffers are 256 bytes long, the value of this entry must be a multiple of 256.
;NOTE: the value set above, 0x19df7 (105,975), is not a multiple of 256; the nearest one is 0x19e00 (105,984).
;
;The default value of 74,240 bytes is enough for 50 packets of 1480 bytes each, rounded to a multiple of 256.
;
;When the buffer space is full, the router begins discarding packets at random from its queue. If packets
;are too large for the buffer, multiple buffers are chained together. If no buffers are allocated or if the
;IP router is not enabled, this entry is ignored.
;
;Because packet headers are stored separately, buffer size is not affected by the IP header for a packet.
;
;Acceptable Ranges - 0x0–0xFFFFFFFF (bytes, in 256-byte increments)
;
;DEFAULT = 0x12200 (74,240 bytes)
;Win2k doesn't add this entry to the registry. You can add it by editing the registry.
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"MaxForwardBufferMemory"=dword:001f4000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Establishes the maximum amount of memory that IP can allocate to store packet data in the router
;packet queue. The value of this entry must be greater than or equal to the value of the
;ForwardBufferMemory entry.
;
;This limits the total amount of memory that IP can allocate to store packet data in the router
;packet queue. This value must be greater than or equal to the value of the ForwardBufferMemory parameter.
;See the description of ForwardBufferMemory for more details.
;
;Acceptable Ranges - Network MTU–0xFFFFFFFF
;
;DEFAULT = 0x200000 (2 MB) 2097152 decimal
;Win2k doesn't add this entry to the registry.
You can add it by editing the registry.
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"MaxFreeTcbs"=dword:000007d0
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines the # of TCP control blocks (TCBs) the system creates to support active connections.
;Because each connection requires a control block, this value determines how many active connections
;TCP can support simultaneously. If all control blocks are used & more connection requests arrive, TCP
;can prematurely release connections in the TIME_WAIT state in order to free a control block for a new
;connection. Normally, TCP doesn't release a connection or reuse its resources until the connection has
;remained closed for a period specified by the value of the TcpTimedWaitDelay (see next entry below) entry.
;This interval is known as the TIME_WAIT or 2MSL (2 x maximum segment lifetime) state. However, if the system
;is supporting an unusually large # of connections & is running short of connection resources, TCP releases
;the connection before the value stored in the TcpTimedWaitDelay entry has expired.
;The default value for this entry is determined both by the amount of physical memory on the computer
;when TCP/IP starts & by the version of Windows running on the computer, as shown in the