Windows Server 2003 Tuned Security & Speed Tcp/IP (all) Parameters List fully doc
Alec§taar
2005-01-14 13:56:14

Windows Registry Editor Version 5.00
;============================================================================================================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
;************************************************************************************************************
;============================================================================================================
;USEFUL GENERIC URLS LIST FROM MICROSOFT FOR SECURITY PURPOSES USED IN THIS PREBUILT .REG FILE DOCUMENT
;============================================================================================================
;Microsoft Windows Server 2003 TCP/IP Implementation Details MAIN PAGE:
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx
;------------------------------------------------------------------------------------------------------------
;------------------------------------------------------------------------------------------------------------
;Microsoft Windows Server 2003 TCP/IP Implementation Details Parameters:
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;------------------------------------------------------------------------------------------------------------
;------------------------------------------------------------------------------------------------------------
;SECURITY CONSIDERATIONS FOR NETWORK ATTACKS:
;http://www.microsoft.com/technet/archive/security/prodtech/windows/iis/dosrv.mspx
;------------------------------------------------------------------------------------------------------------
;------------------------------------------------------------------------------------------------------------
;TCP Transport Entries (all esoteric/unusual settings found here):
;http://support.microsoft.com/kb/q102973/
;------------------------------------------------------------------------------------------------------------
;------------------------------------------------------------------------------------------------------------
;TCP/IP Exploits & Countermeasures for Win2k Server:
;http://www.microsoft.com/technet/security/guidance/secmod150.mspx
;------------------------------------------------------------------------------------------------------------
;------------------------------------------------------------------------------------------------------------
;Network Hardening & Security - Packet filtering Udp/Tcp - PortsAllowed + EnableSecurityFilters:
;http://www.microsoft.com/technet/security/guidance/legsgch3.mspx
;------------------------------------------------------------------------------------------------------------
;------------------------------------------------------------------------------------------------------------
;Prevent Session Hijacking
;http://www.microsoft.com/technet/technetmag/issues/2005/01/sessionhijacking/default.aspx
;------------------------------------------------------------------------------------------------------------
;------------------------------------------------------------------------------------------------------------
;ADDITIONAL REGISTRY SETTINGS - FOR AFD SETTINGS (ESPECIALLY):
;http://www.microsoft.com/technet/security/guidance/secmod57.mspx
;------------------------------------------------------------------------------------------------------------
;------------------------------------------------------------------------------------------------------------
;FOR TUNING PARAMETERS FOR SPEED FOR CABLEMODEM/DSL vs. 57.6k/33.6k/28.8k/14.4k DIALUP MODEMS:
;http://www.speedguide.net
;------------------------------------------------------------------------------------------------------------
;------------------------------------------------------------------------------------------------------------
;APK Security & Online Speed Tuning Guide:
;http://www.avatar.demon.nl/APK.html
;------------------------------------------------------------------------------------------------------------
;------------------------------------------------------------------------------------------------------------
;APK Local System Performance Tuning Guide:
;http://www.avatar.demon.nl/APKTuneup.html
;------------------------------------------------------------------------------------------------------------
;------------------------------------------------------------------------------------------------------------
;Winsock 2 parameters explanations:
;http://www.sockets.com/winsock.htm
;------------------------------------------------------------------------------------------------------------
;------------------------------------------------------------------------------------------------------------
;Documentation for WinSock2 by Microsoft (i.e.-> API for Microsoft reimplementation of the FreeBSD IP Stack):
;ftp://ftp.microsoft.com/bussys/winsock/winsock2/
;------------------------------------------------------------------------------------------------------------
;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;APK FORMAT IN DOCUMENTING EACH POSSIBLE Tcp/IP stack entry (performance & security) tuning generic header
;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;"ENTRY NAME"=dword:Hex, Bin, or String Values (by param type)
;URL for specific tuning & default setting information (usually Microsoft &/or Speedguide + APK URL Guides)
;Function + Description (MS) & use of settings for security &/or performance (APK)
;DEFAULT SETTING LISTED
;TWEAK PARAMETER SETTING (in place or not)
;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;************************************************************************************************************
;BRAND NEW SETTINGS FOR WINDOWS SERVER 2003...apk
;************************************************************************************************************
;============================================================================================================
"UdpNumconnections"=dword:00000040
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Specifies the maximum # of UDP endpoints.
;
;DEFAULT 64
;
;TWEAK PARAMETERS: tuned 00000040 hex value (64 decimal) above - default
;
;============================================================================================================
;============================================================================================================
"TcpNumconnections"=dword:00000080
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This limits the maximum # of connects that TCP can have open simultaneously.
;
;If the value of this entry is 0, you cannot establish any connects. Be a heck of a registry hack for a virus
;
;Acceptable Ranges -> 0–0xFFFFFE
;
;DEFAULT = 0xFFFFFE
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;The default value of 16 million is probably a good value as it limits max concurrent connects,
;though it seems that the value only has importance in early versions of NT4
;============================================================================================================
"BroadcastType"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines whether broadcast packets contain all 0's or all 1's as the broadcast address. The most common
;broadcast type is all 1's. The all-0's setting is provided for compatibility w/ BSD 4.2 systems.
;
;DEFAULT 0
;
;TWEAK PARAMETERS: tuned default
;
;============================================================================================================
"RouterMTU"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Specifies the maximum transmission unit size that should be used when the destination IP address is on a
;different subnet. Each interface used by TCP/IP may have a different RouterMTU value specified.
;In many implementations, the value of RouterMTU is set to 576 octets. This is the minimum size that must
;be supported by any IP node. Because modern routers can usually handle MTUs larger than 576 octets, the
;default value for this is the same value as that used by MTU.
;
;DEFAULT 0
;
;TWEAK PARAMETERS: tuned default
;
;============================================================================================================
"Trailers"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Specifies whether the trailer format is used. This feature provides compatibility w/ BSD 4.2 systems.
;When this feature is enabled, TCP/IP header information follows the data area of IP packets.
;
;DEFAULT 0
;
;TWEAK PARAMETERS: tuned default
;
;============================================================================================================
;************************************************************************************************************
;START NORMAL ENTRIES SECTION PER MICROSOFT WINDOWS SERVER 2003 STANDARD TCP/IP PARAMETERS ENTRIES...apk
;************************************************************************************************************
;============================================================================================================
"DeadGWDetectDefault"=dword:00000001
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Specifies whether the computer detects nonfunctional gateways.
;
;DEFAULT 1 (on/true) on Windows 2003 Server
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"DontAddDefaultGatewayDefault"=dword:00000000
;-----------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Specifies whether the computer uses the default gateway.
;
;DEFAULT 0 (off/false) on Windows 2003 Server
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"EnableDeadGWDetect"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;When this is set to 1, TCP is allowed to perform dead-gateway detection. W/ this feature enabled,
;TCP may ask IP to change to a backup gateway if a # of connects are experiencing difficulty.
;Backup gateways may be defined in the advanced properties of the TCP/IP protocol. See the
;“Dead Gateway Detection” section in this paper for details.
;
;DEFAULT = 0 (off/false boolean switch)
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"EnableICMPRedirect"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;http://www.microsoft.com/technet/security/guidance/secmod57.mspx
;http://www.microsoft.com/technet/security/guidance/secmod150.mspx
;
;This controls whether Windows Server 2003 alters its routing table in response to Internet
;Control Message Protocol (ICMP) messages that instruct it to direct datagrams for the recipient along a
;different route
;
;ICMP provides a means by which a host sending IP datagrams can be informed about delivery
;issues. ICMP doesn't guarantee delivery of IP datagrams (that kind of error correction is left to
;higher level protocols, like TCP), but rather, it allows network devices, like a router, to tell a
;sending computer about delivery errors, to suggest shorter routes to a destination, & to assist
;in probing the network. For more information about ICMP, see RFC 792 Internet Control Message
;Protocol, and RFC 1122 Requirements for Internet Hosts—Communication Layers.
;
;Windows Server 2003 accepts redirection messages from any host in the route between this
;computer & the destination computer, & not just first-hop routers. Accepting redirection from
;only first-hop routers causes problems in some scenarios involving Routing & Remote Access Server (RAS)
;
;DEFAULT = 0 (on/true) on Windows 2003 Server
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"EnablePMTUDiscovery"=dword:00000001
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;EnablePMTUDiscovery Determines whether TCP uses a fixed, default maximum transmission unit (MTU) or attempts
;to detect the actual MTU.
;
;By discovering the Path MTU & limiting TCP segments to this size, TCP can eliminate fragmentation
;at routers connecting networks w/ different MTUs. Fragmentation reduces TCP throughput &
;increases network congestion.
;
;By default, this entry applies to all interfaces. However, the MTU can be reduced for any particular
;interface by changing the default value of the MTU entry in the subkey for that interface.
;
;When this is set to 1 (true) TCP attempts to discover the Maximum Transmission Unit (MTU), or
;largest packet size, over the path to a remote host. By discovering the Path MTU (PMTU) & limiting TCP
;segments to this size, TCP can eliminate fragmentation at routers along the path that connect networks
;w/ different MTUs. Fragmentation adversely affects TCP throughput & network congestion. Setting this
;parameter to 0 (not recommended) causes an MTU of 576 bytes to be used for all connects that are not
;to destinations on a locally attached subnet.
;
;EXPLANATIONS & EXAMPLES
;
;AUTOMATED CHANGE METHODS VIA GUI IN OPERATING SYSTEM TIPS
;
;DEFAULT = 1 (on/true) Win2k doesn't add this entry to the registry. Added by registry edit or by
;using a program that edits the registry.
;not present in registry @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;0 = TCP uses an MTU of 576 bytes for all connects to computers outside the local subnet.
;1 = TCP attempts to discover the MTU of the path to a remote host.
;
;MTU explained:
;
;Reduces the size of the maximum transmission unit (MTU) that TCP/IP uses for the network interface
;The value of this entry takes precedence over the MTU that the network adapter detects dynamically.
;The MTU is the size of the largest packet that can be transmitted over the underlying network,
;including the size of the transport header. The MTU is configured separately for each interface.
;To prevent fragmentation, the MTU should be large enough to hold any IP datagram in a single frame.
;IP datagrams larger than the MTU are divided into fragments whose size is a multiple of eight octets.
;The fragments travel separately to the destination computer, where they are reassembled before the
;datagram is processed.
;
;MTU detection is determined for all interfaces by the value of the EnablePMTUDiscovery entry. By
;default, the network adapter for each interface detects the largest MTU that the interface can transmit,
;& it uses that MTU for its transmissions. However, if MTU detection is disabled (that is, the value of
;EnablePMTUDiscovery is 0), the system uses a fixed MTU of 576 bytes. If you change the default
;value of the MTU entry, you override either setting as it pertains to the interface represented by this
;subkey.
;
;0x44 (68 bytes) - dynamically determined MTU. Specifies the MTU used for the network interface.
;This value overrides the MTU that the network adapter dynamically determines.
;
;0xFFFFFFFF (or any value greater than the dynamically-determined MTU) - Use the dynamically-determined MTU.
;
;If you enter a value greater than the dynamically-determined MTU, the system uses the value of the
;dynamically-determined MTU instead. You can use this entry to reduce, but not to increase, the size
;of the MTU.
;
;In general, replacing a dynamically-determined value w/ a fixed value degrades the performance of
;the operating system. Do not change the value of this entry unless the detected MTU is not
;compatible w/ the network media.
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"EnableSecurityFilters"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines whether TCP/IP filters datagrams & TCP sync characters (SYNs).
;
;If the value of this entry is 1, TCP/IP filters all incoming User Datagram Protocol (UDP)
;datagrams, raw IP datagrams, & TCP SYNs. You can customize the filtering for each interface
;by using the UdpAllowedPorts, TcpAllowedPorts, & RawIpAllowedProtocols entries.
;
;UdpAllowedPorts, TcpAllowedPorts, & RawIPAllowedProtocols
;only appear IF turned on via GUI & default 0 (off)
;
;To change the value of this entry, use Network & Dial-up connects. Right-click Local Area
;Connection, click Properties, click Internet Protocol (TCP/IP), & then click the Properties
;button. On the Internet Protocol (TCP/IP) Properties page, click the Advanced button, click
;the Options tab, click TCP/IP filtering, & then click Properties. This entry is associated w/
;the Enable TCP/IP Filtering (All adapters) check box.
;
;BUT IS VISIBLE BY DEFAULT @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;but its working parameters of TcpAllowedPorts & UdpAllowedPorts are what make it actually work specific
;to ports you allow in on for:
;UDPAllowedPorts (IP port 17, default 0/off/false all Udp Datagrams accepted)
;or
;TCPAllowedPorts (IP port 6, default 0/off/false accepts ALL Syn for Ack by local system (ack) receipt).
;
; (See each below next because I put them next to this, to
;understand better what is meant!... apk)
;
;DEFAULT = 0 (off/false) on Windows 2003 Server
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"IPEnableRouter"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;When the value of this entry is 1 system routes IP packets to
;all networks to which it is connected.... apk
;
;THIS ENABLES IP FORWARDING... apk
;
;DEFAULT = 0 (off/false) on Windows Server 2003
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"UseDomainNameDevolution"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Stores configuration data for the policy setting Primary DNS Suffix Devolution
;
;Determines whether the DNS client performs name devolution.
;
;By default, when a query fails for a name to which a primary DNS suffix has been attached,
;the DNS client drops the left-most label of the primary DNS suffix on each successive attempt,
;making the query more general. This is known as name devolution.
;
;For example, if the primary DNS suffix ooo.aaa.reskit.com is attached to the name reskituser
;& if the query for reskituser.ooo.aaa.reskit.com fails, the DNS client devolves
; (drops the left-most label) the primary DNS suffix & submits a query for reskituser.aaa.reskit.com.
;The DNS client devolves the primary DNS suffix on each attempt until the name is successfully
;resolved or the name to be submitted has fewer than 2 labels.
;
;To change the value of this entry, use the Group Policy Object Editor (Gpedit.msc). The corresponding
;policy is located in Administrative Templates\Network\DNS Client.
;
; (Same as Tcp/IP Properties, Advanced, DNS Tab, Clearing of Append parent suffixes of the primary DNS suffix)
;
;DEFAULT = 1 (on/true) on Windows Server 2003
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"KeepAliveTime"=dword:00023280
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;The parameter controls how often TCP attempts to verify that an idle connection is still intact by sending
;a keep-alive packet. If the remote system is still reachable & functioning, it acknowledges the keep-alive
;transmission. Keep-alive packets are not sent by default. This feature may be enabled on a connection by
;an application.
;
;This entry is used when the remote system is responding to TCP. Otherwise, the interval between
;transmissions is determined by the value of the KeepAliveInterval entry.
;
;By default, keep-alive transmissions are not sent. The TCP keep-alive feature must be enabled by a program
;such as Telnet, or by an Internet browser, such as Internet Explorer.
;
;DEFAULT = 7,200,000 (2 hours)
;
;TWEAK PARAMETERS: tuned
;300,000 hours per Microsoft URL above...apk
;
;============================================================================================================
"PerformRouterDiscovery"=dword:00000002
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This controls whether Windows Server 2003 attempts to perform router discovery per RFC 1256 on
;a per-interface basis. See also SolicitationAddressBcast.
;
;Router discovery solicits router information from the network. The system adds the information retrieved
; to the route table. The router discovery method is specified in RFC 1256, ICMP Router Discovery Messages.
;
;Acceptable Ranges -> 0, 1, 2
;
;0 (disabled)
;1 (enabled)
;2 (enable only if DHCP sends the router discover option)
;
;DEFAULT = 2, DHCP-controlled off by default. (for Win2k is 1 default & doesn't visibly add it, but in use)
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpMaxDataRetransmissions"=dword:00000006
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines how many times TCP retransmits an unacknowledged data segment on an existing
;connection. TCP retransmits data segments until they are acknowledged or until this value expires.
;
;TCP/IP adjusts the frequency of retransmissions over time. TCP establishes an initial retransmission
;interval by measuring the round trip time on the connection. The interval doubles w/ each successive
;retransmission on a connection, & it is reset to the initial value when responses resume.
;
;This entry is also used in the Windows algorithm for defining non-operational (dead) gateways.
;A given connection defines a gateway as dead (& switches to the next gateway in the list stored in
;in the value of the DefaultGateway or DhcpDefaultGateway entries) when a packet sent to the
;gateway must be retransmitted more than half of the # of times specified in the value of this
;entry. The system defines a gateway as dead when more than 25 percent of its connects have
;switched to the next default gateway in the list.
;
;This entry determines how many times TCP retransmits data segments. The maximum # of
;retransmissions of requests for new connects is determined by the value of the
;TcpMaxConnectRetransmissions entry.
;
;Win2k doesn't add this entry to the registry. You can add it by editing the registry or by
;using a program that edits the registry.
;
;Range 0x0–0xFFFFFFFF
;
;DEFAULT = 5
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"SynAckProtect"=dword:00000001
;------------------------------------------------------------------------------------------------------------
;
;DOS/DDOS protection method
;A value of 2 will disable Windows Scaling(Tcp1323Opts=3) & it is not supported by WinXP/2003
;
;DEFAULT = 0 (off/False boolean switch) Recommend 1 or 2
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"SynAttackProtect"=dword:00000002
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;DOS/DDOS protection method
;SYN attack protection involves reducing the amount of retransmissions for the SYN-ACKS, which will reduce
;the time for which resources have to remain allocated. The allocation of route cache entry resources is
;delayed until a connection is made & the connection indication to AFD is delayed until the three-way
;handshake is completed. Note that the actions taken by the protection mechanism only occur if
;TcpMaxHalfOpen & TcpMaxHalfOpenRetried settings are exceeded.
;
;Determines whether the SYN flooding attack protection feature of TCP/IP is enabled. SYN flooding attack
;protection is enabled when the value of this entry is 1 & the value of the
;TcpMaxConnectResponseRetransmissions entry is at least 2 (see note below).
;
;NOTE - This value is used only when the # of SYN-ACK retransmissions is likely to impair the server,
;that is, when the value of the TcpMaxConnectResponseRetransmissions entry is at least 2.
;
;The SYN flooding attack protection feature of TCP detects symptoms of denial-of-service attacks
; (also known as SYN flooding), & it responds by reducing the time the server spends on connection
;requests that it cannot acknowledge.
;
;Acceptable Ranges -> 0, 1
;
;0 (no SYN attack protection) SYN flooding attack protection is not enabled.
;1 (reduced retransmission retries & delayed RCE [route cache entry] creation if the TcpMaxHalfOpen &
; TcpMaxHalfOpenRetried settings are satisfied & a delayed indication to Winsock is made.)
; SYN flooding attack protection is enabled.
;
;DEFAULT = 0 (on/true boolean switch) Recommend 1
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TCPMaxPortsExhausted"=dword:00000005
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines how many connection requests the system can refuse before TCP/IP initiates SYN flooding attack
;protection. The system must refuse all connection requests when reserve of open connection ports runs out.
;This entry is used only when SYN flooding attack protection is enabled on this server (that is, the value of
;the SynAttackProtect entry is 1 & value of the TcpMaxConnectResponseRetransmissions entry is at least 2).
;
;This entry establishes one of three configurable thresholds that, if exceeded, trigger TCP's SYN attack
;flooding protection feature. Because SYN flooding often consumes all reserved connection ports, TCP
;interprets an elevated # connection refusals & a depleted port reserve as a symptom of SYN flooding.
;
;The other 2 thresholds are:
;
;1.) The total # of connects in half-open (SYN-RCVD) state exceeds value of TcpMaxHalfOpen entry.
;
;2.) The # of connects remaining in half-open (SYN-RCVD) state even after a connection request has
; been retransmitted exceeds the value of the TcpMaxHalfOpenRetried entry.
;
;Note - If the value of this entry is 0, SYN flooding protection is triggered as soon as the backlog of
;connection ports is consumed.
;
;RELATED ENTRIES - SynAttackProtect (above & default), TcpMaxConnectResponseRetransmissions (next below),
; TCPMaxHalfOpen, & TCPMaxHalfOpenRetried (below, non-std.)
;
;Acceptable Ranges -> 0x0–0xFFFF
;
;DEFAULT = 0x5
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpMaxConnectResponseRetransmissions"=dword:00000002
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This controls the # of times that a SYN-ACK is retransmitted in response to a connection
;request if the SYN is not acknowledged. If this value is greater than or equal to 2, the stack employs
;SYN attack protection internally. If this value is less than 2, the stack doesn't read the registry
;values at all for SYN attack protection.
;
;TCP/IP adjusts the frequency of retransmissions over time. The delay between the first & second
;retransmission is three seconds. This delay doubles after each attempt. After the final attempt,
;TCP/IP waits for an interval equal to double the last delay, & then it closes the connection request.
;
;See SynAttackProtect, TCPMaxPortsExhausted (above), TCPMaxHalfOpen, +
;TCPMaxHalfOpenRetried (below, non-std.)
;
;Acceptable Ranges -> 0-255
;
;DEFAULT = At least 2 for SynAckProtect & SynAttackProtect to work + TcpMaxPortsExhausted above @ TOP
;to work right & defend the system against DOS/DDOS attacks...apk
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"DisableIPSourceRouting"=dword:00000002
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;IP source routing is a mechanism allowing the sender to determine the IP route that a datagram should take
;through the network, used primarily by tools such as tracert.exe & ping.exe. IP source routing is
;disabled by default.
;
;Valid Range: 0, 1, 2
;
;0 - forward all packets
;1 - do not forward Source Routed packets
;2 - drop all incoming Source Routed packets
;
;DEFAULT = 1 (on/true boolean switch), 2 recommended
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"ReservedPorts"=hex(7):33,00,33,00,34,00,33,00,2d,00,33,00,33,00,34,00,33,00,\
00,00,00,00
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Allows ports to be reserved so that they are not used as part of the 1024 or greater range. This is useful
;for apps that want a specific portrange (ephemeral, short-lived ports usage in apps over port 5000-65535).
;
;Acceptable Ranges -> xxxx-yyyy The string uses the format xxxx-yyyy. (port range)
;
;DEFAULT=
;
;TWEAK PARAMETERS: tuned TOO NEW & UNIQUE TO WINDOWS 2003... apk
;
;I can see using this to set ephemeral ports usage ranges WAY UP HIGH, nearer to 65535 than usual
;5,000-9,000 range iirc, that I have seen scanning ports used local ones via netstat -ano tests! apk
;
;============================================================================================================
;************************************************************************************************************
;START NON-STD. ENTRIES SECTION WINDOWS SERVER 2003 TCP/IP PARAMETERS ENTRIES YOU MUST ADD IN YOURSELF...apk
;************************************************************************************************************
;============================================================================================================
"PriorityBoost"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;The priority boost that AFD gives to a thread when it completes I/O for that thread. If a multithreaded
;application experiences starvation of some threads, the problem may be remedied by reducing this value.
;
;Acceptable Ranges -> 0–16
;
;DEFAULT = 2
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpMaxHalfOpen"=dword:00000064
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This controls the # of connects in the SYN-RCVD state allowed before SYN-ATTACK protection
;begins to operate. If SynAttackProtect is set to 1, ensure that this value is lower than the AFD listen
;backlog on the port that you want to protect (see backlog parameters in Appendix C for more information).
;See the SynAttackProtect parameter for more details.
;
;Acceptable Ranges -> 100–0xFFFF
;
;DEFAULT = 100 (Professional, Server), 500 (Advanced Server)
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpMaxHalfOpenRetried"=dword:00000050
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This controls the # of connects in the SYN-RCVD state for which there has been at least
;one retransmission of the SYN sent, before SYN-ATTACK attack protection begins to operate.
;See the SynAttackProtect parameter for more details.
;
;Acceptable Ranges -> 80–0xFFFF
;
;DEFAULT = 80 (Professional, Server), 400 (Advanced Server)
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpMaxRetransmissionAttempts"=dword:00000005
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This controls the # of connects in the SYN-RCVD state for which there has been at least
;one retransmission of the SYN sent, before SYN-ATTACK attack protection begins to operate. See the
;SynAttackProtect parameter for more details.
;
;Acceptable Ranges -> 80–0xFFFF
;
;DEFAULT = 80 (Pro/Server), 400 (AdvancedServer/Enterprise)
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpMaxConnectRetransmissions"=dword:00000002
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines how many times TCP retransmits an unanswered request for a new connection. TCP
;retransmits new connection requests until they are answered or until this value expires.
;
;TCP/IP adjusts the frequency of retransmissions over time. The delay between the original transmission
;& the first retransmission for each interface is determined by the value of the TcpInitialRTT entry.
;By default, it is three seconds. This delay doubles after each attempt. After the final attempt, TCP/IP
;waits for an interval equal to double the last delay, & then it abandons the connection request.
;
;This entry determines how many times TCP retransmits requests for new connects. When sending
;data on existing connects, the maximum # of retransmissions is determined by the value of
;the TcpMaxDataRetransmissions entry.
;
;DEFAULT = 2 (Range 0-255)
;default not present in registry @
;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
;UdpAllowedPorts (multi_sz/multi-string value table edited by regedit.exe or regedt32.exe)
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Specifies the UDP ports on which incoming IP datagrams are accepted on this interface when
;security filtering is enabled. Security filtering is enabled when the value of the
;EnableSecurityFilters entry is 1 (see above)
;
;Blank, but present= no multi-string (multi_sz) data present
;0 (DEFAULT false/off (or not in the registry)) = ALL Udp datagrams accepted
;Specific IP protocol #s table via multi-string_sz values editor in regedit.exe/regedt32.exe to allow
;
;To change the value of this entry, use Network & Dial-up connects. Right-click Local Area
;Connection, click Properties, click Internet Protocol (TCP/IP), & then click the Properties
;button. On the Internet Protocol (TCP/IP) Properties page, click the Advanced button, click
;the Options tab, click TCP/IP filtering, click Properties & then, just above the UDP Ports
;box, click Permit Only. This entry is associated w/ the values added to the UDP Ports list on
;this page.
;
;IP PROTOCOL VALUE = 17
;
;There is no defined or predictable response when the value of this entry includes a zero
;together w/ IP protocol #s. Do not combine these values in this entry.
;
;NOT PRESENT FOR DIALUP NETWORK connects EITHER UNLESS "HACKED IN" via regedit OR regedt32
;Multi_SZ capable editor... apk
;
;MAY AFFECT SOME GAMES IF THIS IS TURNED OFF AS MANY GAMES UTILIZE IT FOR ONLINE PLAY SINCE
;IT DOESN'T VALIDATE PACKETS FOR SPEED WHEREAS TCP/IP DOES & IS NOT NECESSARY FOR GAMES
;& IS A "SLOWER" BUT MORE SECURE/RELIABLE PROTOCOL... apk
;
;DEFAULT = 0 (off/false) & not present unless EnableSecurityFilters present 1st on Windows 2003 Server
;& not typically visible by default @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;& EnableSecurityFilters which turns this on is typically 0, off by default as well
;
;TWEAK PARAMETERS: tuned
;ADD PORTS AS NEEDED HERE TO BLOCKOUT/FILTER TO SUPPLEMENT NAT "firewalling" routers (before IP stack)
;& SOFTWARE FIREWALL PROGRAMS (after IP stack) & this sits right @ the IP Stack level... apk
;============================================================================================================
;TcpAllowedPorts (multi_sz/multi-string value table edited by regedit.exe or regedt32.exe)
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Specifies the TCP ports on which incoming connection requests (SYNs) are accepted on this interface when
;security filtering is enabled. Security filtering is enabled when the value of the
;EnableSecurityFilters entry is 1 (see above)
;
;Blank, but present= no multi-string (multi_sz) data present No SYNs are accepted
;0 (DEFAULT false/off (or not in the registry)) = All SYNs are accepted
;Specific IP protocol #s table via multi-string_sz values editor in regedit.exe/regedt32.exe to allow
; (Only SYNs arriving on these ports are accepted from that table)
;
;To change the value of this entry, use Network & Dial-up connects. Right-click Local Area
;Connection, click Properties, click Internet Protocol (TCP/IP), & then click the Properties
;button. On the Internet Protocol (TCP/IP) Properties page, click the Advanced button, click
;the Options tab, click TCP/IP filtering, click Properties & then, just above the TCP Ports
;box, click Permit Only. This entry is associated w/ the values added to the TCP Ports list on
;this page.
;
;IP PROTOCOL VALUE = 6
;
;There is no defined or predictable response when the value of this entry includes a zero
;together w/ IP protocol #s. Do not combine these values in this entry.
;
;NOT PRESENT FOR DIALUP NETWORK connects EITHER UNLESS "HACKED IN" via regedit/regedt32 Multi_SZ editor
;
;DEFAULT = 0 (off/false) & not typically present unless EnableSecurityFilters present 1st on Win2k3 Server
;not typically visible by default @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;& EnableSecurityFilters which turns this on is typically 0, off by default as well
;
;TWEAK PARAMETERS: tuned
;ADD PORTS AS NEEDED HERE TO BLOCKOUT/FILTER TO SUPPLEMENT NAT "firewalling" routers (before IP stack)
;& SOFTWARE FIREWALL PROGRAMS (after IP stack) & this sits right @ the IP Stack level... apk
;============================================================================================================
"AllowUnqualifiedQuery"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines whether the Domain Name System (DNS) permits unqualified queries.
;
;This controls whether or not the Domain Name Resolver queries the Domain Name Server(s) w/ the
;host name, followed by a dot (.) only (an unqualified query). For example, if your computer is in
;mydomain.com & you ping 'target'(mydomain. ) no .org/.com/.gov/.pl/.ca etc. (country, business,
;government, or organization UNC/URL names) by default the DNS is queried for target.mydomain.com
;only. When this is set to 1, target is also queried.
;
;EXPLANATIONS & EXAMPLES
;
;AUTOMATED CHANGE METHODS VIA GUI IN OPERATING SYSTEM TIPS
;
;DEFAULT = 0 (off/false) DO NOT PERMIT UNQUALIFIED QUERIES vs. 1 (on/true) PERMIT THEM
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"PrioritizeRecordData"=dword:00000001
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;http://www.microsoft.com/technet/itsolutions/network/deploy/depovg/tcpip2k.mspx
;http://www.microsoft.com/resources/documentation/windows/2000/professional/reskit/en-us/part4/proch22.mspx
;
;This controls whether or not the Domain Name Resolver sorts the addresses that are returned in
;response to a query for a multihomed host. By default, the DNR sorts addresses that are on the same
;subnet as one of the interfaces in the querying computer to the top of the list.
;This is done to give preference to a common-subnet (non-routed) IP address, when possible.
;
;DEFAULT = 1 (on/true)
;BUT, not visible by default @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"Tcp1323Opts"=dword:00000001
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This controls the use of RFC 1323 Timestamp & Window Scale TCP options. Explicit settings for timestamps
;& window scaling are manipulated w/ flag bits. Bit 0 controls window scaling, & bit 1 controls timestamps.
;
;The default behavior is as follows: do not use the Timestamp & Window Scale options when initiating TCP
;connects but use them if the TCP peer that is initiating communication includes them in the SYN segment.
;
;Window scaling permits TCP to negotiate a scaling factor for the TCP receive window size, allowing for
;a very large TCP receive window of up to 1 GB. The TCP receive window is the amount of data the
;sending host can send at one time on a connection.
;
;Timestamps help TCP measure round trip time (RTT) accurately in order to adjust retransmission
;timeouts. The Timestamps option provides 2 timestamp fields of 4 bytes each in the TCP header
;one to record the time the initial transmission is sent & one to record the time on the remote host.
;
;This entry is a 2-bit bitmask. The lower bit determines whether scaling is enabled; the higher bit
;determines whether timestamps are enabled. To enable a feature, set the bit representing the feature
;to 1. To disable a feature, set its bit to 0.
;
;Valid ranges = 0, 1, 2, 3
;
;0 (disable RFC 1323 options/Timestamps & window scaling are disabled.)
;1 (window scaling enabled only)
;2 (timestamps enabled only)
;3 (both options enabled)
;
;DEFAULT = not present in registry @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;but 3 is the default even if not visible
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpWindowSize"=dword:0003e900
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines the largest TCP receive window that the system offers. The receive window is the #
;of bytes a sender can transmit w/out receiving an acknowledgment.
;In general, larger receive windows improve performance over high-delay, high-bandwidth networks.
;For greatest efficiency, the receive window should be an even multiple of the TCP Maximum Segment Size (MSS)
;This is both a per-interface parameter & a global parameter, depending upon where the registry
;key is located.
;
;If there is a value for a specific interface, that value overrides the system-wide value.
;See also GlobalMaxTcpWindowSize.
;
;This entry overrides TCP's negotiated maximum receive window size & replaces it w/ the value of this entry.
;
;TCP uses a receive window that is four times the size of the maximum TCP segment size (MSS)
;negotiated during connection setup, up to a maximum size of 64 KB. TCP for Win2k also
;supports windows scaling, as detailed in RFC 1323, TCP Extensions for High Performance. Scaling
;enables TCP to provide a receive window of up to 1 GB.
;
;0–0x3FFFFFFF (1073741823 decimal). In practice the TCP/IP stack will round the # set to
;the nearest multiple of maximum segment size (MSS). Values greater than 64 KB can be achieved
;only when connecting to other systems that support RFC 1323 Window Scaling, which is discussed
;in the “Transmission Control Protocol (TCP)” section of this document.
;
;Default: The smaller of the following values:
; 0xFFFF
; GlobalMaxTcpWindowSize (another registry parameter)
; The larger of four times the MSS
; 16384 rounded up to an even multiple of the MSS
;
;The stack also tunes itself based on the media speed:
; Below 1 Mbps: 8 KB
; 1 Mbps – 100 Mbps: 17 KB
; Greater than 100 Mbps: 64 KB
;
;The default can start at 17520 for Ethernet, but may shrink slightly when the connection is established
;to another computer that supports extended TCP header options, such as Selective Acknowledgements (SACK)
;& TCP Timestamps, because these options increase the size of the TCP header beyond the usual 20 bytes,
;leaving slightly less room for data.
;
;For Ethernet networks, the default value of this entry is 0x4470 (17,520, or 12 segments of 1,460 bytes
;each). For other networks, the default value is 0xFFFF (65,535) unless 0xFFFF is larger than:
;
; Four times the maximum TCP data size on the network; &
; 0x2000 (8,192) rounded up to an even multiple of the network TCP data size.
;
;This entry determines the maximum receive window size for this interface. When configuring this
;interface, this entry takes precedence over the GlobalMaxTcpWindowSize entry, which establishes
;a maximum window size for all interfaces.
;
;Win2k automatically uses windows scaling if the value of this entry is greater than 64 KB.
;To disable windows scaling, set the value of the Tcp1323Opts entry to 0 or 2.
;
;DEFAULT = not present in registry @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;but 0xFFFF is for dialup default & Ethernet = 0x4470 even if not visible
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"GlobalMaxTcpWindowSize"=dword:0003e900
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;DESCRIPTION
;
;Determines the largest TCP receive window that the system offers. The receive window is the #
;of bytes a sender can transmit w/out receiving an acknowledgment. This entry takes precedence over
;TCP's negotiated maximum receive window size.
;
;TCP uses a receive window that is four times the size of the maximum TCP segment size (MSS)
;negotiated during connection setup, up to a maximum size of 64 KB. TCP for Win2k also
;supports windows scaling, as detailed in RFC 1323, TCP Extensions for High Performance. Scaling
;enables TCP to provide a receive window of up to 1 GB.
;
;For Ethernet networks, the default value of this entry is 0x4470 (17,520, or 12 segments of 1,460 bytes
;each). For other networks, the default value is 0xFFFF (65,535), unless 0xFFFF is larger than each of
;the following:
;
; Four times the maximum TCP data size on the network.
; 0x2000 (8,192), rounded up to an even multiple of the network TCP data size.
;
;This entry determines the default maximum receive window size for all interfaces. When configuring
;any particular interface, the value of the TcpWindowSize entry for that interface takes precedence
;over the value of this entry.
;
;Range = 0x0–0x3FFFFFFF (1073741823 decimal; however, values greater than 64 KB can only be achieved
; when connecting to other systems that support RFC 1323 window scaling, which
; is discussed in the TCP section of this document.)
;
;DEFAULT = NONE really see description above in conjunction w/ TcpWindowSize & Tcp1323Opts
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpMaxDupAcks"=dword:00000002
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Specifies how many duplicate ACKs (ACKs for the same sequence #s) constitute a signal to
;retransmit a segment. If you set the value of this entry to 1, the system retransmits a segment when
;it receives an ACK for a segment w/ a sequence # that is less than the # of the segment
;currently being sent.
;
;This determines the # of duplicate ACKs that must be received for the same sequence #
;of sent data before fast retransmit is triggered to resend the segment that has been dropped in transit.
;
;This is described in more detail in the “Transmission Control Protocol (TCP)” section of this paper.
;
;When data arrives w/ a sequence # that is greater than expected, the receiver assumes that
;data w/ the expected # was dropped, & it immediately sends an ACK w/ the ACK #
;set to the expected sequence #. The receiver sends ACKs set to the same missing # each
;time it receives a TCP segment that has a sequence # greater than expected. The sender
;recognizes the duplicate ACKs & sends the missing segment.
;
;This entry is used only when the receiver supports the fast retransmit feature. Fast retransmit lets
;TCP retransmit data before the retransmission timer (as set by the value of the TcpInitialRtt entry)
;expires.
;
;Range 1-3
;
;DEFAULT = 2
;but not present in registry @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpInitialRTT"=dword:00000003
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines how long TCP waits to retransmit a connection request if it doesn't receive a response to
;the original request for a new connection.
;
;This value initializes the retransmission timer. It specifies the time that must elapse between the
;original transmission & the first retransmission. On each subsequent retransmission, the previous
;interval is doubled. This strategy assumes that the response is delayed because the connection is slow.
;
;By default, the retransmission timer is initialized to three seconds, & the request (SYN) is sent
;twice, as specified in the value of the TcpMaxConnectRetransmissions entry.
;
;Because the delay between retransmissions grows exponentially, the initial value stored in the value
;of this entry should be very small. A value greater than 3 (seconds) prevents the server from
;expeditiously disposing unacknowledgeable connection requests.
;
;DEFAULT = 3
;not present in registry @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"EnableFastRouteLookup"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines whether the fast route lookup feature is enabled. Fast route lookups make route searches
;faster, but they use a significant amount of non-pageable memory.
;
;Fast route look-up is enabled if this flag is set. This can make route lookups faster at the expense of
;non-paged pool memory. This flag is used only if the computer runs Windows Server 2003 & falls into the
;medium or large class (in other words, contains at least 64 MB of memory). This
;parameter is created by the Routing & Remote Access service.
;
;AUTOMATED CHANGE METHODS VIA GUI IN OPERATING SYSTEM TIPS
;
;DEFAULT = 0 & Win2k doesn't add this entry to the registry. You can add it by editing the registry or by
;using regedit.exe OR regedt32.exe & by default not present in registry
;@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;This entry is used only on Win2k Server computers that have at least 64 MB of physical memory.
;This entry applies only when Routing & Remote Access Service is enabled on the system.
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"FFPControlFlags"=dword:00000001
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines whether Fast Forwarding Path for Offload (FFP) is enabled.
;
;If this is set to 1, Fast Forwarding Path (FFP) is enabled. If it is set to 0, TCP/IP instructs
;all FFP-capable adapters not to do any fast forwarding on this computer. FFP-capable network adapters can
;receive routing information from the stack & forward subsequent packets in hardware w/out passing them
;up to the stack. FFP parameters are located in the TCP/IP registry key, but are actually placed there by
;the Routing & Remote Access service.
;
;DEFAULT = 1 (on/true)
;0 = Determines whether Fast Forwarding Path for Offload (FFP) is enabled.
;1 = FFP is enabled. TCP/IP provides for fast forwarding on this system.
;
;Win2k doesn't add this entry to registry. You add it by editing registry or by regedit.exe/regedt32.exe
;This entry is used only when Routing & Remote Access Service is enabled on this system.
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"FFPFastForwardingCacheSize"=dword:00030d40
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Specifies the maximum amount of system memory that a device driver can allocate to its fast
;forwarding cache. The fast forwarding cache is a section of reserved memory used to support TCP/IP
;fast forwarding.
;
;This entry is used only when fast forwarding is enabled (that is, when the value of the
;FFPControlFlags entry is 1) & the driver uses system memory for its cache. This value doesn't
;apply when the driver uses memory on the device for its cache.
;
;This is the maximum amount of memory that a driver that supports fast forwarding path (FFP) can allocate for
;its fast-forwarding cache if it uses system memory for its cache. If the device has its own memory for
;fast-forwarding cache, this value is ignored.
;
;Acceptable parameter range 0x0–0xFFFFFFFF (bytes)
;
;DEFAULT = 0x19000 (102,400)
;Win2k doesn't add this entry to the registry. You can add it by editing the registry or
;by regedit.exe/regedt32.exe Is used, but not present @
;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"ForwardBufferMemory"=dword:00019df7
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines the size of the buffer that IP allocates for storing packet data in the router packet queue.
;Because packet queue data buffers are 256 bytes long, the value of this entry must be a multiple of 256.
;
;The default value of 74,240 bytes is enough for 50 packets of 1480 bytes each, rounded to a multiple of 256
;
;When the buffer space is full, the router begins discarding packets at random from its queue. If packets
;are too large for the buffer, multiple buffers are chained together. If no buffers are allocated or if the
;IP router is not enabled, this entry is ignored.
;
;Because packet headers are stored separately, buffer size is not affected by the IP header for a packet.
;
;Acceptable Ranges - 0x0–0xFFFFFFFF (bytes, in 256-byte increments)
;
;DEFAULT = 0x12200 (74,240 bytes)
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"MaxForwardBufferMemory"=dword:001f4000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Establishes the maximum amount of memory that IP can allocate to store packet data in the router
;packet queue. The value of this entry must be greater than or equal to the value of the
;ForwardBufferMemory entry.
;
;This limits the total amount of memory that IP can allocate to store packet data in the router
;packet queue. This value must be greater than or equal to the value of the ForwardBufferMemory parameter.
;See the description of ForwardBufferMemory for more details.
;
;Acceptable Ranges - Network MTU–0xFFFFFFFF
;
;DEFAULT = 0x200000 (2 MB) 2097152 decimal
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"MaxFreeTcbs"=dword:000007d0
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines the # of TCP control blocks (TCBs) the system creates to support active connects.
;Because each connection requires a control block, this value determines how many active connects
;TCP can support simultaneously. If all control blocks are used & more connection requests arrive, TCP
;can prematurely release connects in the TIME_WAIT state in order to free a control block for a new connection.
;Normally, TCP doesn't release a connection or reuse its resources until the connection has remained
;closed for a period specified by the value of the TcpTimedWaitDelay (see next entry below) entry.
;This interval is known as the TIME_WAIT or 2MSL (2 x maximum segment lifetime) state. However, if the system
;is supporting an unusually large # of connects & is running short of connection resources, TCP releases
;the connection before the value stored in the TcpTimedWaitDelay entry has expired.
;The default value for this entry is determined both by the amount of physical memory on the computer
;when TCP/IP starts & by the version of Windows running on the computer, as shown in the

Post #155082
Alec§taar
Account Disabled


Posts: 207
From: A discrete point in the Space-Time Continuum...
Joined: 2001-04-17
Member No.: 5614
Icon 2005-01-14 14:00:19

;following table:
;
;SMALL SYSTEM (Less than 19 MB RAM) - Server = 500, Pro/Workstation = 250
;MEDIUM SYSTEM (19–63 MB RAM) - Server = 1000 , Pro/Workstation = 500
;LARGE SYSTEM (64 MB or more RAM) - Server = 2,000 , Pro/Workstation = 1,000
;
;Acceptable Ranges - 0x0–0xFFFFFFFF (connects)
;
;DEFAULT = see table above (Varies w/ the system & amount of physical memory on the computer. See description.)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpTimedWaitDelay"=dword:0000001e
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;When a TCP connection is closed, the socket-pair is placed into a state known as TIME-WAIT. This is done so
;that a new connection doesnt use the same protocol, source IP address, destination IP address, source port,
;& destination port until enough time has passed to ensure that any segments that may have been misrouted or
;delayed are not delivered unexpectedly. RFC 793 specifies the length of time that the socket-pair should not
;be reused as 2 maximum segment lifetimes (2 MSL), or four minutes. This is the default setting for Windows
;Server 2003 TCP/IP. However, w/ this default setting, some network applications that perform many outbound
;connects in a short time may use up all available ports before the ports can be recycled. Windows Server
;2003 TCP/IP offers 2 methods of controlling this behavior. First, the TcpTimedWaitDelay registry parameter
;can be used to alter this value. Windows Server 2003 TCP/IP allows it to be set as low as 30 seconds, which
;should not cause problems in most environments. Second, the # of user-accessible ephemeral ports that can be
;used to source outbound connects is configurable using the MaxUserPorts registry parameter. By default,
;when an application requests any socket from the system to use for an outbound call, a port between the
;values of 1024 & 5000 is supplied. The MaxUserPorts parameter can be used to set the value of the uppermost
;port that the administrator chooses to allow for outbound connects. For instance, setting this value to
;10,000 (decimal) would make approximately 9000 user ports available for outbound connects. For more details
;on this concept, see RFC 793. See also the MaxFreeTcbs (below next) & MaxHashTableSize (next one after)
;registry parameters in Appendix A.
;
;DEFAULT = 30 second default based on MaxUserPorts ephemeral ports
; (short lived ports (dynamics that change ALOT per netstat -ano I have seen)
; usually WAY high up in the IP range 5000-65535 etc. in my experience)
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"MaxFreeTWTcbs"=dword:000007d0
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines the # of partitions in the Transport Control Block (TCB) table.
;Partitioning the TCB table minimizes contention for table access. Especially useful on SMP/HT systems.
;This controls the # of Transport Control Blocks (TCBs) in the TIME-WAIT state that are allowed on the
;TIME-WAIT state list. Once this # is exceeded, the oldest TCB will be scavenged from the list. In order to
;maintain connects in the TIME-WAIT state for at least 60 seconds, this value should be >= (60 * (the rate
;of graceful connection closures per second)) for the computer. The default value is adequate for most cases
;
;Acceptable ranges - 0x1–0xFFFF
;
;DEFAULT = 0x4 (1000 decimal)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;Do not change the value of this entry before studying the effect of different values in a test environment.
;When testing, do not enter a value greater than 2 times the # of processors on the computer.
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"MaxHashTableSize"=dword:00000800
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines the size of the hash table in which TCP control blocks (TCBs) are stored.
;TCP stores control blocks in a hash table so it can find them very quickly. If you adjust the # of
;TCBs the system creates (as specified by the value of the MaxFreeTcbs entry), you should also adjust
;the value of this entry proportionately.
;This value should be set to a power of 2 (for example, 512, 1024, 2048, & so on.) If this value is not a
;power of 2, the system configures the hash table to the next power of 2 value (for example, a setting of
;513 is rounded up to 1024.) This value controls how fast the system can find a TCB & should be increased
;if MaxFreeTcbs is increased from the default.
;
;The value of this entry must be a power of 2. If you change the value, the system rounds the
;value you enter to the next higher power of 2.
;
;Acceptable Ranges - 64–65,536 (table entries) 0x40–0x10000 (64-65536 decimal)
;
;DEFAULT = 512
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"MaxNormLookupMemory"=dword:00030d40
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines the maximum amount of system memory that TCP can allocate for the routing table & its data
;This controls the maximum amount of memory that the system allows for the route table data & the routes
;themselves. It is designed to prevent memory exhaustion on the computer caused by adding large #s of routes.
;
;Acceptable Ranges - 0x0 | 0x1–0xFFFFFFFE (bytes) | 0xFFFFFFFF
;Values Table:
;
;0x0 = There is no TCP routing table.
;0x1–0xFFFFFFFE = Specifies the maximum amount of system memory that can be allocated to the TCP routing table.
;0xFFFFFFFF = There is no limit on the amount of system memory that TCP can allocate to the TCP routing table.
;
;The default value for this entry is determined both by the amount of physical memory on the computer
;when TCP/IP starts & by the version of Windows running on the computer, as shown in the following table:
;
;The following default values are used:
;
;Small is defined as a computer w/ less than 19 MB of RAM,
;Medium is 19–63 MB of RAM,
;& Large is 64 MB or more of RAM.
;
;< 19 MB -> Server = 0x25800 (150 KB = 1,000 routes), Pro/Workstation = 0x25800 (150 KB = 1,000 routes)
;19–63 MB -> Server ONLY = 0x180000 (1.5 MB = 10,000 routes)
;64mb > -> Server ONLY = 0x500000 (5 MB = 40,000 routes)
;
;For Windows Server 2003:
;
;Small system—150,000 bytes, which accommodates 1000 routes
;Medium system—1,500,000 bytes, which accommodates 10,000 routes
;Large system—5,000,000 bytes, which accommodates 40,000 routes
;
; (150,000 bytes, which accommodates 1000 routes)
;
;DEFAULT = (Varies w/ the system & amount of physical memory on the computer. See description.)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;************************************************************************************************************
;BEGIN AFD registry subsection [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters] related
;************************************************************************************************************
;============================================================================================================
"IgnorePushBitOnReceives"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Setting This to a 1 causes Afd.sys to treat all incoming packets as though the push bit was set.
;This should only be done when necessary to work around client TCP/IP implementations that are not properly
;pushing data.
;
;If a client program is run on a computer w/ a TCP/IP implementation that doesnt set the PUSH bit on sends,
;response delays may result. It's best to correct this on the client side; however, a configuration parameter
; (IgnorePushBitOnReceives) was added to Afd.sys to force it to treat all arriving packets as though the PUSH bit
;were set.
;
;Normally, Windows Server 2003 completes a Windows Sockets Receive when one of the following occurs:
;
;Data arrives w/ the push bit set.
;
;The user recv buffer is full.
;
;0.5 seconds have elapsed since any data arrived.
;
;DEFAULT = 0 (off/false boolean switch)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"DefaultReceiveWindow"=dword:0000e666
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;The # of receive bytes that AFD buffers on a connection before imposing flow control.
;For some applications, a larger value here gives slightly better performance at the expense of
;increased resource utilization. Applications can modify this value on a per-socket basis w/
;the SO_RCVBUF socket option.
;
;DEFAULT = 4096/8192/8192
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"DefaultSendWindow"=dword:0000e666
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This is similar to DefaultReceiveWindow, but for the send side of connects. (See setting above this one)
;
;DEFAULT = 4096/8192/8192
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"SmallBufferSize"=dword:00000800
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;The size in bytes of small buffers used by AFD.
;
;DEFAULT = 128
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"MediumBufferSize"=dword:00001000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;The size, in bytes, of medium buffers used by AFD.
;
;DEFAULT = 1504
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"LargeBufferSize"=dword:00002000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;The size, in bytes, of large buffers used by AFD. Smaller values use less memory & larger values can improve
;performance. LargeBufferSize are in Megabytes (MB) & need to be adjusted according to the configuration of
;your server. The buffers are allocated from physical memory, so set the sizes accordingly.
;
;DEFAULT = PAGE_SIZE (4096 bytes on i386, 8192 bytes on Alpha)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;************************************************************************************************************
;END AFD registry subsection [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters] related
;************************************************************************************************************
;============================================================================================================
"CacheTimeout"=dword:0000ea60
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This value determines the time interval that names are cached in the remote name table.
;The nbtstat -c command can be used to view the remaining time for each name in the cache.
;
;Acceptable Ranges - 0xEA60–0xFFFFFFFF
;
;DEFAULT = 0x927c0 (600000 milliseconds = 10 minutes)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"AllowUserRawAccess"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;For information about raw sockets, see the Windows Sockets Specification link on the Web Resources page:
;http://www.sockets.com/winsock.htm
;http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winsock/winsock/tcp_ip_raw_sockets_2.asp
;
;Determines whether users who are not administrators can use raw sockets. By default, only users in
;the Administrators group can use them.
;This controls access to raw sockets. If true, non-administrative users have access to raw sockets.
;By default, only administrators have access to raw sockets. For more information on raw sockets, see the
;Windows Sockets Specifications available from ftp://ftp.microsoft.com/bussys/winsock/winsock2/.
;
;When an application sends a datagram it may or may not include the IP header at the front of the
;outgoing datagrams depending on the IP_HDRINCL option set for the socket.
;An application always gets the IP header at the front of each received datagram regardless of the
;IP_HDRINCL option
;
;If a foreign address is defined for the socket, it should correspond to the source address as
;specified in the IP header of the received datagram.
;
;IMPORTANT: OPENS THE DOOR FOR SPOOFING UDP HEADERS OR NOT SENDING ANY INFORMATION AT ALL IN PACKETS FOR
;SOURCE vs. DESTINATION:
;
;"The Microsoft implementation of TCP/IP on Windows is capable of opening a raw UDP socket:
;
;An application may specify the foreign IP address by calling connect functions. If no foreign IP address
;is specified for the socket, the datagrams are copied into the socket regardless of the source IP address
;in the IP header of the received datagram. (In other words you DON'T KNOW where they came from!)
;
;It is important to understand that SOCK_RAW sockets may get many unexpected datagrams. For
;example, a PING program may use SOCK_RAW sockets to send ICMP echo requests. While the
;application is expecting ICMP echo responses, all other ICMP messages (such as ICMP
;HOST_UNREACHABLE) may be delivered to this application also. Moreover, if several SOCK_RAW
;sockets are open on a machine at the same time, the same datagrams may be delivered to all the
;open sockets. An application must have a mechanism to recognize its datagram & to ignore all
;others. Such mechanism may include inspecting the received IP header–using unique identifiers in the
;ICMP header (ProcessID, for example), & so forth."
;
; * i.e.-> Now, was Mr. Steve Gibson Wrong worrying about this? I think not & agree w/ him... apk
;
;DEFAULT = 0 (off/false) Only administrators can use raw sockets & 1 (on/true) All users can use raw sockets.
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;I would only leave this to admin. users... apk
;============================================================================================================
"ArpCacheLife"=dword:000002bc
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines how long an unreferenced entry can remain in the Address Resolution Protocol (ARP) cache
;table. Entries cannot remain in the table longer than specified by the value of this entry. However,
;entries can be removed sooner if the table space they occupy is needed to store a new entry.
;By default, this entry applies to unreferenced entries, & the ArpCacheMinReferencedLife entry
;applies to referenced entries, which defaults to a duration of 10 minutes. However, referenced entries
;must remain in the table at least as long as unreferenced entries. Therefore, if the value of this entry
;is greater than or equal to the value of the ArpCacheMinReferencedLife entry, the
;ArpCacheMinReferencedLife entry is ignored, & the ArpCacheLife entry applies to both referenced
;& unreferenced entries.
;
;ArpCacheMinReferencedLife (see next entry) controls the minimum time until a referenced ARP cache entry
;expires. This can be used in combination w/ the ArpCacheLife parameter, as follows:
;
;In absence of an ArpCacheLife parameter, the defaults for ARP cache time-outs are a 2-minute time-out
;on unused entries & a ten-minute time-out on used entries
;
;If ArpCacheLife is greater than or equal to ArpCacheMinReferencedLife, referenced & unreferenced ARP cache
;entries expire in ArpCacheLife seconds.
;If ArpCacheLife is less than ArpCacheMinReferencedLife, unreferenced entries expire in ArpCacheLife seconds,
;& referenced entries expire in ArpCacheMinReferencedLife seconds.
;
;Entries in the ARP cache are referenced each time that an outbound packet is sent to the IP
;address in the entry.
;
;Acceptable Ranges -> 0–0xFFFFFFFF / 0x0–0xFFFFFFFF (seconds)
;
;DEFAULT = 10 minutes (600 seconds) on USED entries & 0x78 (120 seconds = 2 minutes) on unused entries for
;its aging algorithm...
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;In absence of an ArpCacheLife parameter, the defaults for ARP cache time-outs are a 2-minute time-out on
;unused entries & a ten-minute time-out on used entries
;
;This doesnt affect ARP cache table entries that are added manually. TCP/IP doesnt remove manual entries
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"ArpCacheMinReferencedLife"=dword:000002bc
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;ArpCacheMinReferencedLife controls the minimum time until a referenced ARP cache entry expires. This
;can be used in combination w/ the ArpCacheLife parameter, as follows:
;
;In absence of an ArpCacheLife parameter, the defaults for ARP cache time-outs are a 2-minute time-out on
;unused entries & a ten-minute time-out on used entries
;
;If ArpCacheLife is greater than or equal to ArpCacheMinReferencedLife, referenced & unreferenced ARP cache
;entries expire in ArpCacheLife seconds.
;If ArpCacheLife is less than ArpCacheMinReferencedLife, unreferenced entries expire in ArpCacheLife seconds,
;& referenced entries expire in ArpCacheMinReferencedLife seconds.
;
;Entries in the ARP cache are referenced each time that an outbound packet is sent to the
;IP address in the entry.
;
;DEFAULT = 600 seconds (10 minutes)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;In absence of an ArpCacheLife parameter, the defaults for ARP cache time-outs are a 2-minute time-out on
;unused entries & a ten-minute time-out on used entries
;
;Entries in the ARP cache are referenced each time that an outbound packet is sent to the IP address
;in the entry.
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"DefaultRegistrationTTL"=dword:00000014
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This can be used to control the TTL value sent w/ dynamic DNS registrations.
;
;Acceptable Ranges - 0–0xFFFFFFFF
;
;DEFAULT = 0x4B0 (1200 decimal, or 20 minutes)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"DefaultTTL"=dword:00000030
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Specifies the default time-to-live (TTL) value set in the header of outgoing IP packets. The TTL determines
;the maximum amount of time that an IP packet may live in the network w/out reaching its destination.
;It is effectively a limit on the # of links on which an IP packet is allowed to travel before being discarded.
;
;Acceptable Ranges -> 0–0xff (0–255 decimal)
;
;DEFAULT = 128
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"DisableAddressSharing"=dword:00000001
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This is used to prevent address sharing (SO_REUSEADDR) between processes so that if a process
;opens a socket, no other process can steal data from it. A similar effect can be achieved if an application
;uses the new socket option SO_EXCLUSIVEADDRUSE. This setting allows administrators to secure older
;applications that are not aware of this option.
;
;DEFAULT = 0 (off/false)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"DisableReplaceAddressesInConflicts"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This is used to turn off the address registration conflict rule that the last writer wins.
;By default, a computer doesnt replace any current records on the DNS server that do not appear to
;have been owned by it at one time.
;
;DEFAULT = 0 (off/false)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"DisableReverseAddressRegistrations"=dword:00000001
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This can be used to turn off DNS dynamic update reverse address (PTR) record registration.
;If the DHCP server that configures this computer is running Windows Server 2003, then it is capable of
;registering the PTR record w/ the DNS dynamic update protocol. However, if the DHCP server is not capable
;of performing DNS dynamic update PTR registrations & you do not want to register PTR records w/ the DNS
;dynamic update protocol, set This to 1.
;
;Disables the Domain Name System (DNS) dynamic update registration of PTR (pointer) records by this DNS
;client. PTR (pointer) records associate an IP address w/ a computer name.
;
;This entry is designed for enterprises in which the primary DNS server that is authoritative for the
;reverse lookup zone cannot or is configured not to perform dynamic updates. It reduces unnecessary
;network traffic & eliminates event log errors that record failed attempts to register PTR records.
;
;Acceptable parameters -> 0 = Register PTR records, 1 = Do not register PTR records.
;
;DEFAULT = 0 (off/false boolean switch)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"DisjointNameSpace"=dword:00000001
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This instructs the DNR to treat each interface as a disjoint name space. On a multihomed computer,
;a query to the DNS server(s) that is/are configured for one interface may result in a name error. This
;parameter is used to instruct the resolver to try the query against the possible DNS servers that are
;configured for other interfaces before returning results.
;
;DEFAULT = 1 (Off/False boolean switch)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"EnablePMTUBHDetect"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Setting This to 1 (true) causes TCP to try to detect PMTU black hole routers while doing Path MTU
;Discovery. A PMTU black hole router doesnt return ICMP Destination Unreachable messages when it needs to
;fragment an IP datagram w/ the Don't Fragment bit set. TCP depends on receiving these messages to perform
;Path MTU Discovery. w/ this feature enabled, TCP tries to send segments w/out the Don't Fragment bit set
;if several retransmissions of a segment go unacknowledged. If the segment is acknowledged as a result, the
;MSS is decreased & the Don't Fragment bit is set in future packets on the connection. Enabling PMTU black
;hole detection increases the maximum # of retransmissions that are performed for a given segment.
;
;Enabling black hole detection increases the maximum # of times TCP retransmits a given segment.
;
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;DEFAULT = 0 (off/false boolean switch)
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"IPReassemblyTimeOut"=dword:0000005a
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines how long IP accepts fragments when attempting to reassemble a previously fragmented packet.
;That is, if a packet is fragmented, all of the fragments must make it to the destination w/in this time
;limit; otherwise, the fragments will be discarded & the packet will be lost.
;
;DEFAULT = 60 seconds
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"NoNameReleaseOnDemand"=dword:00000001
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ne2rking/tcpip03.mspx#ECAA
;
;This determines whether the computer releases its NetBIOS name when it receives a name-release
;request from the network. It was added to allow the administrator to protect the machine against malicious
;name-release attacks.
;
;DEFAULT = 0 (off/false boolean switch)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned Recommended 1 for security purposes... apk
;
;============================================================================================================
"QueryIpMatching"=dword:00000001
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ne2rking/tcpip03.mspx#ECAA
;
;This controls whether or not the IP address of the DNS server queried is matched to the IP address
;of the server that sent the DNS response. This can be used as a primitive security feature to ensure that
;the resolver is not being fooled by a random query response from some computer other than the intended
;DNS server.
;
;By default, the resolver accepts responses from the servers that it did not query. This feature speeds
;performance but can be a security risk, especially effective in DnsCache parms area of registry as well
;... apk per 2nd URL above.
;
;THIS ALSO CAN BE ADDED TO -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DnsCache\Parameters
;
;DEFAULT = 0 (off/false boolean switch) Depending on if you want "positive dns caching" or
;"negative dns caching"
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;ipconfig.exe /flushdns typed in @ DOS prompt console window tty terminal clears the DNS cache
;
;TWEAK PARAMETERS: tuned 0 is faster network performance, 1 is more secure... apk
;
;============================================================================================================
"SackOpts"=dword:00000001
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ne2rking/tcpip03.mspx#ECAA
;
;This controls whether or not Selective Acknowledgment (SACK) support, as specified in RFC 2018,
;is enabled. SACK is described in more detail in "Transmission Control Protocol (TCP)" section of this paper.
;
;Enables & disables the Selective Acknowledgment (SACK) feature of Win2k TCP/IP. SACK is specified in
;RFC 2018, TCP Selective Acknowledgement Options.
;
;SACK is an optimizing feature that lets you acknowledge receipt of individual blocks of data in a continuous
;sequence, rather than just the last sequence #. The recipient can tell the sender that one or more data
;blocks are missing from the middle of a sequence, & the sender can retransmit only the missing data.
;
;DEFAULT = 1 (on-off boolean switches)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"UpdateSecurityLevel"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ne2rking/tcpip03.mspx#ECAA
;
;This can be used to control the security that is used for DNS dynamic updates. It defaults to 0,
;to try nonsecure update, & if refused, to send Windows Server 2003 secure dynamic updates. Valid values
;are listed below:
;
;0x00000000—default, nonsecure updates
;
;0x00000010—security OFF (16 decimal)
;
;0x00000100—secure ONLY ON (256 decimal)
;
;Acceptable Ranges -> 0,0x00000010, 0x00000020, 0x00000100
;
;DEFAULT = 0 (off/false boolean switch)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpUseRFC1122UrgentPointer"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ne2rking/tcpip03.mspx#ECAA
;
;This determines whether TCP uses the RFC 1122 or RFC 793 specification for urgent data
; (used by BSD-derived systems). There are 2 ways to interpret the value of the Urgent Pointer field in the
;TCP header: RFC 793 defines the value as indicating first byte of normal data, RFC 1122 defines the value
;as indicating the last byte of urgent data. These 2 interpretations are not interoperable. Windows Server
;2003 TCP/IP defaults to the RFC 793 interpretation (BSD mode).
;
;DEFAULT = 1/0 (on-off boolean switches)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"Transmitworker"=dword:00000020
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ne2rking/tcpip03.mspx#ECAA
;
;Datagrams smaller than the value of This go through the fast I/O path or are buffered on send.
;Larger ones are held until the datagram is actually sent. The default value was found by testing to be
;the best overall value for performance. Fast I/O means copying data & bypassing the I/O subsystem,
;instead of mapping memory & going through the I/O subsystem. This is advantageous for small amounts
;of data. Changing this value is not generally recommended.
;
;DEFAULT = 1024
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"FastSendDatagramThreshold"=dword:00001000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ne2rking/tcpip03.mspx#ECAA
;
;Datagrams smaller than the value of This go through the fast I/O path or are buffered on send.
;Larger ones are held until the datagram is actually sent. The default value was found by testing to be the
;best overall value for performance. Fast I/O means copying data & bypassing the I/O subsystem, instead of
;mapping memory & going through the I/O subsystem. This is advantageous for small amounts of data.
;Changing this value is not generally recommended.
;
;DEFAULT = 1024
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned DON'T! apk
;
;============================================================================================================
"MaxFastTransmit"=dword:0000fa00
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ne2rking/tcpip03.mspx#ECAA
;
;This controls the maximum amount of data that is transferred in a TransmitFile request on the fast
;path. Fast I/O is essentially copying data & bypassing the I/O subsystem, instead of mapping memory &
;going through the I/O subsystem. This is advantageous for small amounts of data. Changing this value is
;not generally recommended.
;
;Acceptable Ranges -> 0–0xffffffff
;
;DEFAULT = 64kb
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"IGMPLevel"=dword:00000002
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ne2rking/tcpip03.mspx#ECAA
;
;This determines to what extent the system supports IP multicasting & participates in the Internet
;Group Management Protocol. At level 0, the system provides no multicast support. At level 1, the system can
;send IP multicast packets but cannot receive them. At level 2, the system can send IP multicast packets &
;fully participate in IGMP to receive multicast packets.
;
;Acceptable Ranges -> 0,1,2
;
;DEFAULT = 2
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"BCastNameQueryCount"=dword:00000002
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ne2rking/tcpip03.mspx#ECAA
;
;This value determines the # of times NetBT broadcasts a query for a specific name w/out receiving a response.
;
;Acceptable Ranges -> 1–0xFFFF
;
;DEFAULT = 3
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"BcastQueryTimeout"=dword:00000064
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ne2rking/tcpip03.mspx#ECAA
;
;This value determines the time interval between successive broadcast name queries for the same name.
;
;Acceptable Ranges -> 100–0xFFFFFFFF
;
;DEFAULT = 0x2ee (750 decimal)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"KeepAliveInterval"=dword:0000015e
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ne2rking/tcpip03.mspx#ECAA
;
;This determines the interval between TCP keep-alive retransmissions until a response is received.
;Once a response is received, the delay until the next keep-alive transmission is again controlled by the
;value of KeepAliveTime. The connection is aborted after the # of retransmissions specified by
;TcpMaxDataRetransmissions have gone unanswered.
;
;Acceptable Parameter Ranges -> 1–0xFFFFFFFF
;
;DEFAULT = 1000 (one second)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"NameSrvQueryTimeout"=dword:00000064
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ne2rking/tcpip03.mspx#ECAA
;
;This value determines the time interval between successive name queries to WINS for a specified name
;
;Acceptable Parameter Ranges -> 100–0xFFFFFFFF
;
;DEFAULT = 1500 (1.5 seconds)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"SessionKeepAlive"=dword:00001c20
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ne2rking/tcpip03.mspx#ECAA
;
;This value determines the time interval between keep-alive transmissions on a session. Setting the value
;to 0xFFFFFFF disables keep-alives.
;
;Acceptable Parameter Ranges -> 60,000–0xFFFFFFFF
;
;DEFAULT = 3,600,000 (1 hour)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"DisableUserTOSSetting"=dword:00000001
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ne2rking/tcpip03.mspx#ECAA
;
;This can be used to allow programs to manipulate the Type Of Service (TOS) bits in the header of
;outgoing IP packets. In Windows Server 2003, this defaults to True. In general, individual applications
;should not be allowed to manipulate TOS bits.
;
;DEFAULT = 1 (on/true boolean switch)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"Size/Small/Medium/Large"=dword:00000003
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ne2rking/tcpip03.mspx#ECAA
;
;This value determines the size of the name tables that are used to store local & remote names.
;In general, a setting of 1 (small) is adequate. If the system is acting as a proxy name server,
;the value is automatically set to 3 (large) to increase the size of the name cache hash table.
;
;Hash table buckets are sized as follows:
;Acceptable Parameter Ranges -> 1, 2, 3 (small 16, medium 128, large 256)
;
;DEFAULT = 1 (small)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"MaxNumForwardPackets"=dword:0000024a
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ne2rking/tcpip03.mspx#ECAA
;
;This limits the total # of IP packet headers that can be allocated for the router packet
;queue. This value must be greater than or equal to the value of the NumForwardPackets parameter. See the
;description of NumForwardPackets for more details
;
;Acceptable Parameter Ranges -> 1–0xFFFFFFFF
;
;DEFAULT = 0xFFFFFFFF
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"NumForwardPackets"=dword:0000024a
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ne2rking/tcpip03.mspx#ECAA
;
;This determines the # of IP packet headers that are allocated for the router packet queue.
;When all headers are in use, the system attempts to allocate more, up to the value configured for
;MaxNumForwardPackets (above). This value should be at least as large as the ForwardBufferMemory value
;divided by the maximum IP data size of the networks that are connected to the router. It should be no
;larger than the ForwardBufferMemory value divided by 256 because at least 256 bytes of forward buffer
;memory is used for each packet. The optimal # of forward packets for a given ForwardBufferMemory
;size depends on the type of traffic that is carried on the network & is somewhere between these 2
;values. This is ignored & no headers are allocated if routing is not enabled.
;
;Determines how many IP packet headers TCP allocates to the router packet queue when the system starts.
;The value of this entry is used only when routing is enabled & headers are allocated.
;
;When all of the IP packet headers allocated at startup are in use, the router begins to randomly
;discard packets from the queue.
;
;DEFAULT = 1/0 (on-off boolean switches)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
;************************************************************************************************************
;START FOUND @ SECTION OF MICROSOFT REGARDING TCP TRANSPORTS (odd entries not found anyplace else)... apk
;************************************************************************************************************
;============================================================================================================
"TcpRecvSegmentSize"=dword:000005c0
;------------------------------------------------------------------------------------------------------------
;
;http://support.microsoft.com/kb/q102973/
;
;Specifies the maximum receive segment size.
;
;DEFAULT = 1460
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"ArpCacheSize"=dword:00000080
;------------------------------------------------------------------------------------------------------------
;
;http://support.microsoft.com/kb/q102973/
;
;Determines the maximum # of entries that the ARP cache table can hold. The ARP cache is allowed to
;grow dynamically until this size is reached. After the table reaches this size
;new entries can only be added by replacing the oldest entries that exist.
;
;DEFAULT = 62
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TCPDisableReceiveChecksum"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://support.microsoft.com/kb/q102973/
;
;Specifies whether Checksums is disabled on receive.
;
;DEFAULT = 1 (on/true boolean switch)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned set to 0 so no checksum is generated on received packets for speed
;
;============================================================================================================
"TCPDisableSendChecksum"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://support.microsoft.com/kb/q102973/A
;
;Specifies whether Checksums is disabled on send.
;
;DEFAULT = 1 (on/true boolean switch)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned set to 0 so no checksum is generated on sent packets for speed
;
;============================================================================================================
"TcpKeepCnt"=dword:00000064
;------------------------------------------------------------------------------------------------------------
;
;http://support.microsoft.com/kb/q102973/
;
;Specifies how often TCP/IP will generate keep-alive traffic. When TCP/IP determines that no activity has
;occurred on the connection w/in the specified time, it generates keep-alive traffic to probe the
;connection. After trying TcpKeepTries # of times to deliver the keep-alive traffic w/out success,
;it marks the connection as down.
;
;DEFAULT = 120
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpKeepTries"=dword:0000000a
;------------------------------------------------------------------------------------------------------------
;
;http://support.microsoft.com/kb/q102973/
;
;Specifies the maximum # of times that TCP/IP will attempt to deliver keep-alive traffic before marking
;a connection as down.
;
;DEFAULT = 20
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpLogLevel"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://support.microsoft.com/kb/q102973/
;
;Specifies how verbose TCP/IP should be about logging events in the event log. The highest level of
;verbosity is 16, & 1 is the lowest level. The following shows general information about these levels.
;
;DEFAULT = 16 (log everything)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpMaxConnectAttempts"=dword:00000002
;------------------------------------------------------------------------------------------------------------
;
;http://support.microsoft.com/kb/q102973/
;
;Specifies the maximum # of times TCP/IP attempts to establish a connection before reporting failure.
;The initial delay between connection attempts is 3 seconds. This delay is doubled after each attempt.
;
;DEFAULT = 3
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpSendDownMax"=dword:00008000
;------------------------------------------------------------------------------------------------------------
;
;http://support.microsoft.com/kb/q102973/
;
;Specifies the maximum # of bytes queued by TCP/IP.
;
;DEFAULT = 16384
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpSendSegmentSize"=dword:000005c0
;------------------------------------------------------------------------------------------------------------
;
;http://support.microsoft.com/kb/q102973/
;
;Specifies the maximum send segment size.
;
;DEFAULT = 1460
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"UDPDisableSendChecksum"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://support.microsoft.com/kb/q102973/
;
;Specifies whether Checksums is disabled on send of udp datagrams.
;
;DEFAULT = 0 (off/false boolean switch)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"UDPDisableReceiveChecksum"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://support.microsoft.com/kb/q102973/
;
;Specifies whether Checksums is disabled on Receive of udp datagrams.
;
;DEFAULT = 0 (on/false boolean switch)
;Win2k doesnt add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
;************************************************************************************************************
;EXTRA-SETTINGS LIKE MSS, MTU, MAXMTU, & RWIN... apk
;From ->
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ne2rking/tcpip03.mspx#ECAA
; (for tuning, refer to APK Speedguide in URL @ top of this page &/or www.speedguide.net) ... apk
;************************************************************************************************************
;============================================================================================================
;MTU
;
;Key: Tcpip\Parameters\Interfaces\interfaceGUID
;
;Value Type: REG_DWORD—#
;
;ValidRange: 88–the MTU of the underlying network
;
;Default: 0xFFFFFFFF
;Description: This overrides the default Maximum Transmission Unit (MTU) for a network interface.
;The MTU is the maximum IP packet size, in bytes, that can be transmitted over the underlying network.
;For values larger than the default for the underlying network, the network default MTU is used.
;For values smaller than 88, the MTU of 88 is used.
;Note: Windows Server 2003 TCP/IP uses PMTU detection by default & queries the NIC driver to find out
;what local MTU is supported. Altering the MTU parameter is generally not necessary & may result in
;reduced performance. See the "Path Maximum Transmission Unit (PMTU) Discovery" section of this paper
;for more details.
;============================================================================================================
;************************************************************************************************************
;************************************************************************************************************
;START DEPRECATED/OBSOLETE ENTRIES SECTION PER MICROSOFT WINDOWS 9x TCP/IP PARAMETERS ENTRIES...apk
;************************************************************************************************************
;============================================================================================================
;"ForwardBroadcasts"=dword:00000000 (Deprecated - 2000 onwards dont use this: commented off semi colon @ start)
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ne2rking/tcpip03.mspx#ECAA
;
;Do not delete this entry from the registry or change its value, can cause damage! apk
;2000 onwards doesn't use the above period to ForwardBroadCasts to other machines on networks... apk
;
;DEFAULT = 0 (off/false) on Windows Server 2003
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
;************************************************************************************************************
;END DEPRECATED/OBSOLETE ENTRIES SECTION PER MICROSOFT WINDOWS 9x TCP/IP PARAMETERS ENTRIES...apk
;****************************************************************************************************
[Edited by Alec§taar on 2005-01-14 15:47:53]

Post #155083
Alec§taar
Icon 2005-01-14 14:15:17

If you tune & tweak the Tcp/IP stack in Windows Server 2003, this .reg file has ALL possible tweakings for it, fully documented with defaults listed so you can know what it is you are working on, what its default is, and so you have a concise reference to change them back if you wish.

It is recommended if you install them, that you backup/export out the original settings first from the registry, & is listed in the install directions below as step #1.

ALL settings are split into 2 distinct groups in the saved .reg file you make from the 2 groups of data above!

(The first group internal to this file data being noted internally in the text for the .reg file you saved to disk as to what appears by default in your registry (per Microsoft OEM original Tcp/IP stack installation entries), & then secondly in a group in the same .reg file text data (noting NEW/NOT APPEARING BY DEFAULT settings added per each item that IS a non-default one))

It also lists new settings in this area in the registry for registry entries hacks unique to Windows Server 2003 as well as what is now deprecated vs. NT/2000/XP.

Full URLs to Microsoft are included as well, to the actual documentation from them (the Horses' Mouth) for these settings, which was used to help you on each as they are worked on for your future reference while working with them also.

To use/install them :
-------------------------------------

1.) Perform a regedit.exe File Menu-> Export of this section key (folder) in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

First, so you have a .reg file of the default entries (as this adds MANY more).

2.) Get out notepad.exe
3.) Copy them from the posting here between the first line and the last one in the second post.
4.) Paste each into notepad.exe (concatenating them)
5.) Save the .reg file to a name of your choosing like:

APKTunedWindowsServer2003SpeedAndSecurityRegHacks.reg

(Be sure to use the File menu -> Save As submenu options, changing from the default .txt value to .reg & type ALL FILES, & then save it to disk for later registry merge!)

6.) Once saved, open Explorer.exe and double-click on the .reg extension filename you saved to disk to merge it
7.) Reboot system for it to take effect.



* You'll note a good boost in your networking speed locally AND online!

APK

Post #155084
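Added example, not part of the original posts: re-merging the step #1 export restores values the tuned file changed, but it does not remove values the tuned file added, because a .reg merge only adds or overwrites. This sketch builds a rollback .reg that restores changed values and deletes added ones with the `"Name"=-` syntax; the sample data and the function names `parse_reg` and `rollback_reg` are constructed for illustration.

```python
import re

KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
HEADER = "Windows Registry Editor Version 5.00"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Constructed sample data; the values are illustrative, not the thread's settings.
BASELINE = f'''{HEADER}

[{KEY}]
"EnableICMPRedirect"=dword:00000001
"ForwardBroadcasts"=dword:00000000
'''
TUNED = f'''{HEADER}
;constructed comment line
[{KEY}]
"EnableICMPRedirect"=dword:00000000
"ForwardBroadcasts"=dword:00000000
"SynAttackProtect"=dword:00000001
'''

def parse_reg(text):
    """Return {key path: {value name: raw data}}; comments and stray lines are skipped.
    Multi-line hex data (lines ending in a backslash) is not handled."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1)] = m.group(2)
    return keys

def rollback_reg(baseline_text, tuned_text):
    """Build .reg text that undoes tuned_text relative to baseline_text."""
    # Registry key and value names are case-insensitive, so look them up lowercased.
    before = {k.lower(): {n.lower(): d for n, d in v.items()}
              for k, v in parse_reg(baseline_text).items()}
    out = [HEADER, ""]
    for key, values in parse_reg(tuned_text).items():
        lines = []
        for name, data in values.items():
            old = before.get(key.lower(), {}).get(name.lower())
            if old is None:
                lines.append(f'"{name}"=-')       # added by the tuned file: delete it
            elif old != data:
                lines.append(f'"{name}"={old}')   # changed: restore the exported data
        if lines:
            out += [f"[{key}]", *lines, ""]
    return "\r\n".join(out)

if __name__ == "__main__":
    print(rollback_reg(BASELINE, TUNED))
```

regedit.exe exports are UTF-16 with a byte-order mark, so read real files with `encoding="utf-16"` before passing the text in.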
Alec§taar
2005-01-14 14:32:41

Later this week I will put up, fully documented (per MS settings for each area in the registry tuned for speed & security), the following:

1.) AFD
2.) RpcSs
3.) NetBT
4.) LSA
5.) LanManServer
6.) LanManWorkstation
7.) DCom

As sections of the registry to paste up this week as well (also FULLY DOCUMENTED per default settings used vs. non-defaults, as the above Tcp/IP section was written) over the course of this week for security & speed tuning purposes, for your reference & as an online reference for myself as well!



* They all work EXTREMELY well for securing your system online networking-wise & also boost its performance noticeably as well as a bonus once tuned thus!

APK

Post #155086