Modify the registry to enhance Win2000 security

xiaoxiao2021-03-06  78

1) Set the time to live (TTL)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

DefaultTTL REG_DWORD 0-0xFF (0-255 decimal, default 128)

Description: Specifies the default time-to-live (TTL) value set in outgoing IP packets. The TTL determines the maximum time an IP packet can survive before it reaches its destination. In practice it limits the number of routers an IP packet may pass through before it is discarded. This value is sometimes used to detect the operating system of a remote host.

2) Prevent ICMP redirect attacks

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

EnableICMPRedirects REG_DWORD 0x0 (default is 0x1)

Description: This parameter controls whether Windows 2000 changes its routing table in response to ICMP redirect messages sent to it by network devices (such as routers). These messages are sometimes used maliciously. The default value in Win2000 is 1, meaning the host responds to ICMP redirect messages.

3) Disable responding to ICMP router advertisement messages

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\interface

PerformRouterDiscovery REG_DWORD 0x0 (default is 0x2)

Note: The ICMP router advertisement feature can lead to serious consequences such as other people's network connections being disrupted, data being eavesdropped, and the computer being used for traffic attacks. This problem has affected a large area of the campus network. Therefore, it is recommended to turn off the response to ICMP router advertisement messages. The default value in Win2000 is 2, meaning the feature is enabled only when DHCP sends the router discovery option.

4) Prevent SYN flood attacks

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

SynAttackProtect REG_DWORD 0x2 (default is 0x0)

Description: SYN attack protection reduces the number of SYN-ACK retransmissions, which shortens the time that allocated resources have to be kept. Allocation of route cache entry resources is delayed until the connection is established. If SynAttackProtect = 2, the connection indication to AFD is also delayed until the three-way handshake is completed. Note that the protection mechanism takes action only when the TcpMaxHalfOpen and TcpMaxHalfOpenRetried settings are exceeded.

5) Disable the default C$, D$ shares

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters

AutoShareServer REG_DWORD 0x0

6) Disable the default ADMIN$ share

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters

AutoShareWks REG_DWORD 0x0

7) Restrict the default IPC$ share

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

RestrictAnonymous REG_DWORD

0x0 default

0x1 anonymous users cannot enumerate the list of local users

0x2 anonymous users cannot connect to this machine's IPC$ share

Description: A value of 2 is not recommended, because it may prevent some of your services, such as SQL Server, from starting.

8) IGMP protocol

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

IGMPLevel REG_DWORD 0x0 (default is 0x2)

Explanation: Win9x had a bug in which IGMP could be used to make someone else's machine blue-screen, and modifying the registry corrected that bug. Although Win2000 does not have this bug, IGMP is not necessary, so it can be turned off. After changing the value to 0, route print no longer shows the annoying 224.0.0.0 entry.

9) Set the ARP cache aging time

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

ArpCacheLife REG_DWORD 0-0xFFFFFFFF (seconds, default is 120 seconds)

ArpCacheMinReferencedLife REG_DWORD 0-0xFFFFFFFF (seconds, default is 600)

Description: If ArpCacheLife is greater than or equal to ArpCacheMinReferencedLife, both referenced and unreferenced ARP cache entries expire after ArpCacheLife seconds. If ArpCacheLife is less than ArpCacheMinReferencedLife, unreferenced entries expire after ArpCacheLife seconds, and referenced entries expire after ArpCacheMinReferencedLife seconds. An entry in the ARP cache is referenced each time an outbound packet is sent to the IP address of that entry.

10) Disable dead gateway detection

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

EnableDeadGWDetect REG_DWORD 0x0 (default is 0x1)

Description: If you have configured multiple gateways, the machine automatically switches to a backup gateway when it has difficulty handling multiple connections. Sometimes this is not a good idea, so it is recommended to disable dead gateway detection.

11) Disable routing support

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

IPEnableRouter REG_DWORD 0x0 (default is 0x0)

Description: Setting the value to 0x1 gives Win2000 routing functionality, which brings unnecessary problems.

12) Raise the maximum external port used for translation when doing NAT

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

MaxUserPort REG_DWORD 5000-65534 decimal (default 0x1388, decimal 5000)

Description: When an application requests an available user port from the system, this parameter controls the maximum port number used. Normally, ephemeral ports are allocated in the range 1024-5000. When the parameter is set outside the valid range, the nearest valid value (5000 or 65534) is used. It is recommended to raise the value when using NAT.

13) Modify the MAC address

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\

Under this key, find the subkey whose description in the right-hand pane is the network adapter class, for example {4D36E972-E325-11CE-BFC1-08002BE10318}.

Expand it and look through the branches under it for the one whose "DriverDesc" value is your network card, for example "DriverDesc" is "Intel(R) 82559 Fast Ethernet LAN on Motherboard".

Then create a string value in the right-hand pane named "NetworkAddress", whose content is the MAC value you want, for example "004040404040".

Then restart the computer and check the result with ipconfig /all.
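An added example, not part of the original article: a Python check that parses the text of a regedit export (.reg, already decoded to a string) and reports where a host deviates from the DWORD values recommended in items 2-6, 8, 10 and 11. The function names, the interface GUID and the sample export are constructed for illustration; an absent value is treated as the default the article states, or reported as None where the article gives none.

```python
import re
ROOT = "hkey_local_machine\\system\\currentcontrolset\\"
TCPIP, LANMAN = r"services\tcpip\parameters", r"services\lanmanserver\parameters"
# Recommended DWORDs from items 2, 4, 5, 6, 8, 10 and 11 of the article.
BASELINE = {(TCPIP, "enableicmpredirects"): 0, (TCPIP, "synattackprotect"): 2,
            (TCPIP, "igmplevel"): 0, (TCPIP, "enabledeadgwdetect"): 0,
            (TCPIP, "ipenablerouter"): 0, (LANMAN, "autoshareserver"): 0,
            (LANMAN, "autosharewks"): 0}
# Defaults the article states for absent values; others are reported as None.
DEFAULTS = {"enableicmpredirects": 1, "synattackprotect": 0, "igmplevel": 2,
            "enabledeadgwdetect": 1, "ipenablerouter": 0}
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

def parse_reg(text):
    """Map each exported key (lower-cased) to its {value name: DWORD} dict."""
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := KEY_RE.match(line):
            cur = keys.setdefault(m.group(1).lower(), {})
        elif cur is not None and (m := VAL_RE.match(line)):
            cur[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def audit(text):
    """Return (subkey, name, effective, recommended) for every deviation."""
    keys, findings = parse_reg(text), []
    for (sub, name), want in BASELINE.items():
        have = keys.get(ROOT + sub, {}).get(name, DEFAULTS.get(name))
        if have != want:
            findings.append((sub, name, have, want))
    for key, vals in keys.items():  # item 3 is per interface; stated default 2
        have = vals.get("performrouterdiscovery", 2)
        if key.startswith(ROOT + TCPIP + "\\interfaces\\") and have != 0:
            findings.append((key[len(ROOT):], "performrouterdiscovery", have, 0))
    return sorted(findings, key=lambda f: f[:2])

# Constructed sample export (not from a real host); the GUID is a placeholder.
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"SynAttackProtect"=dword:00000002
"EnableICMPRedirects"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}]
"PerformRouterDiscovery"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"AutoShareServer"=dword:00000000
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Each finding lists the subkey, the value name, the effective value and the recommended value, so an empty result means the exported keys match the article's settings.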

When reprinting, please cite the original URL: https://www.9cbs.com/read-92032.html
