'Disable dead gateway detection. When the server is configured with multiple gateways, the system will try to connect to
'the second gateway when the network is not smooth; you can optimize the network by turning this off.
"EnableDeadGWDetect"=dword:00000000
'Do not respond to ICMP redirect messages. Such messages may be used for attacks, so the system should refuse to accept ICMP redirect messages.
"EnableICMPRedirects"=dword:00000000
'Do not allow the NETBIOS name to be released. When an attacker issues a request to query the server's NETBIOS name, the server can be prevented from responding.
'Note that the system must have SP2 or higher.
"NoNameReleaseOnDemand"=dword:00000001
'Send keep-alive verification packets. This option sets the interval TCP uses to determine whether the current connection is still connected.
'If this value is not set, the system checks whether TCP has an idle connection every 2 hours. The time here is set to 5 minutes.
"KeepAliveTime"=dword:000493e0
'Disable path maximum packet length (MTU) discovery. When this value is 1, the system automatically detects the size of the data packet that can be transmitted,
'which can improve transmission efficiency. If there is a failure, or for safety, set the value to 0, which means a fixed MTU of 576 bytes is used.
"EnablePMTUDiscovery"=dword:00000000
'Enable SYN attack protection. The default value is 0, which means that attack protection is not enabled; the values 1 and 2 mean that SYN attack protection is enabled, and 2 gives
'the higher security level. The conditions under which traffic is considered an attack are set by the TcpMaxHalfOpen and TcpMaxHalfOpenRetried values below.
'Note that on NT4.0 this must be set to 1; setting it to 2 will cause the system to restart under certain special data packets.
"SynAttackProtect"=dword:00000002
'The number of half-open connections allowed at the same time. Half-open connections are TCP sessions that are not completely established; they show up in the SYN_RCVD state in netstat output.
'The Microsoft recommended values are used here: 100 for Server and 500 for Advanced Server. Setting it a little smaller is recommended.
"TcpMaxHalfOpen"=dword:00000064
'The trigger point for deciding whether an attack is under way. The Microsoft recommended values are used here: 80 for Server and 400 for Advanced Server.
"TcpMaxHalfOpenRetried"=dword:00000050
'Set the time to wait for the SYN-ACK. The default value is 3, and this process takes 45 seconds by default. With a value of 2 the elapsed time is 21 seconds;
'with a value of 1 it is 9 seconds. The minimum value is 0, which means no waiting, and the elapsed time is 3 seconds. This value can be modified according to the scale of the attack.
'The Microsoft site security recommendation is 2.
"TcpMaxConnectResponseRetransmissions"=dword:00000001
'Set the number of times that TCP retransmits a single data segment. The default value is 5, and this process takes 240 seconds by default. The Microsoft site security recommendation is 3.
"TcpMaxDataRetransmissions"=dword:00000003
'Set the critical point of SYN attack protection. When the available backlog becomes 0, this parameter controls the activation of SYN attack protection. The Microsoft site security recommendation is 5.
"TCPMaxPortsExhausted"=dword:00000005
'Disable IP source routing. The default value is 1, which means that source-routed packets are not forwarded; 0 means all are forwarded, and 2 means all accepted
'source-routed packets are discarded. The Microsoft site security recommendation is 2.
"DisableIPSourceRouting"=dword:00000002
'Limit the maximum time in the TIME_WAIT state. The default is 240 seconds, the minimum is 30 seconds, and the maximum is 300 seconds. It is recommended to set it to 30 seconds.
"TcpTimedWaitDelay"=dword:0000001e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
'Increment of the NetBT connection blocks. The default is 3 and the range is 1-20. The larger the value, the more connections are available and the better the performance. Each connection block consumes 87 bytes.
"BacklogIncrement"=dword:00000003
'Maximum number of NetBT connection blocks. Range 1-400; here it is set to 1000. The larger the value, the more connections are allowed when there are many connections.
"MaxConnBackLog"=dword:000003e8

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Afd\Parameters]
'Enable the dynamic backlog. For systems with busy networks or vulnerable to SYN attacks, it is recommended to set it to 1, which means that the dynamic backlog is allowed.
"EnableDynamicBacklog"=dword:00000001
'Configure the minimum dynamic backlog: the minimum number of free connections allocated by the dynamic backlog. When the number of free connections
'is lower than this number, free connections are allocated automatically. The default value is 0. For systems with busy networks or vulnerable to SYN attacks, the recommended setting is 20.
"MinimumDynamicBacklog"=dword:00000014
'Maximum dynamic backlog. Defines the maximum "standard" number of connections; it mainly depends on the size of the memory. Theoretically, each 32M of memory can
'add at most 5000. Here it is set to 20000.
"MaximumDynamicBacklog"=dword:00004e20
'The number of free connections added each time. The default value is 5. For busy networks or those vulnerable to SYN attacks,
'the recommended setting is 10.
"DynamicBacklogGrowthDelta"=dword:0000000a
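
An added example, not part of the original page: a read-only PowerShell audit that compares the live registry with the values set above. It assumes PowerShell 2.0 or later is installed and that the first group of values belongs under `Tcpip\Parameters` (the key this excerpt names only in its manual section); the expected numbers are the decimal forms of the dwords and comments on this page.

```powershell
# Added example: read-only audit of the registry values listed above.
# Written for PowerShell 2.0 syntax; nothing is modified.
$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'
# Expected numbers are the decimal forms of the dword values on this page.
# Assumption: the first group of values sits under Tcpip\Parameters.
$expected = @{
    'Tcpip\Parameters' = @{
        EnableDeadGWDetect                   = 0
        EnableICMPRedirects                  = 0
        NoNameReleaseOnDemand                = 1       # grouped as on the page
        KeepAliveTime                        = 300000  # 0x493e0 ms = 5 minutes
        EnablePMTUDiscovery                  = 0
        SynAttackProtect                     = 2
        TcpMaxHalfOpen                       = 100
        TcpMaxHalfOpenRetried                = 80
        TcpMaxConnectResponseRetransmissions = 1
        TcpMaxDataRetransmissions            = 3
        TCPMaxPortsExhausted                 = 5
        DisableIPSourceRouting               = 2
        TcpTimedWaitDelay                    = 30
    }
    'NetBT\Parameters' = @{
        BacklogIncrement = 3
        MaxConnBackLog   = 1000
    }
    'Afd\Parameters' = @{
        EnableDynamicBacklog      = 1
        MinimumDynamicBacklog     = 20
        MaximumDynamicBacklog     = 20000   # the value the comment states
        DynamicBacklogGrowthDelta = 10
    }
}
$report = foreach ($sub in $expected.Keys) {
    # A missing key or value leaves Actual empty instead of raising an error.
    $props = Get-ItemProperty -Path "$svc\$sub" -ErrorAction SilentlyContinue
    foreach ($name in $expected[$sub].Keys) {
        $actual = $null
        if ($props -and $props.PSObject.Properties[$name]) { $actual = $props.$name }
        New-Object PSObject -Property @{
            Key = $sub; Value = $name; Expected = $expected[$sub][$name]
            Actual = $actual
            Match = ($null -ne $actual) -and ($actual -eq $expected[$sub][$name])
        }
    }
}
# Mismatches ($false) sort first so drift is at the top of the table.
$report | Sort-Object Match, Key, Value |
    Format-Table Key, Value, Expected, Actual, Match -AutoSize
```
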
'The following parts need to be manually modified according to the actual situation
'-------------------------------------------------------------------------
'[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
'Enable security filters on the network card
'"EnableSecurityFilters"=dword:00000001
'
'The number of TCP connections open at the same time; this can be controlled according to the situation.
'"TcpNumConnections"=
'
'This parameter controls the size limit of the TCP header table. On machines with a large amount of RAM, increasing this setting can improve the response performance during SYN attacks.
'"TcpMaxSendFree"=
'
'[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{own network card interface}]
'Disable router discovery. ICMP router advertisement messages can be used to add routing table entries, which can lead to attacks, so router discovery is disabled.
'"PerformRouterDiscovery"=dword:00000000
'-------------------------------------------------------------------------
Installation and configuration of win2003 IIS6.0+PHP+MySQL