Enhance security by modifying the registry under Windows 2000


1) Set the time to live

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DefaultTTL REG_DWORD 0-0xff (0-255 decimal, default value 128)

Description: Specifies the default time to live (TTL) value placed in outgoing IP packets. TTL determines the maximum time an IP packet can survive in the network before reaching its destination; in practice it limits the number of routers an IP packet may pass through before it is dropped. This value is sometimes used to fingerprint the operating system of a remote host.

2) Prevent ICMP Redirect Packet Attacks

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirects REG_DWORD 0x0 (default is 0x1)

Description: This parameter controls whether Windows 2000 changes its routing table in response to ICMP redirect messages sent to it by network devices such as routers; such messages can sometimes be abused to alter a host's routes. The default value in Win2000 is 1, meaning the host honours ICMP redirect messages.

3) Disable response to ICMP route advertisement messages

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\interface

PerformRouterDiscovery REG_DWORD 0x0 (default is 0x2)

Description: The ICMP router advertisement function can cause other hosts' network connections to become abnormal, their data to be eavesdropped, and the computer to be used for traffic attacks, among other serious consequences. This problem has caused long-lasting network anomalies in some LAN segments of the campus network. It is therefore recommended to disable the response to ICMP router advertisement messages. The default value in Win2000 is 2, which means router discovery is enabled when DHCP sends the router discovery option.

4) Prevent SYN flood attacks

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect REG_DWORD 0x2 (default is 0x0)

Description: SYN attack protection reduces the number of SYN-ACK retransmissions, which shortens the time for which resources are held for half-open connections, and delays allocation of the route cache entry until a connection is established. If SynAttackProtect=2, the AFD connection indication is delayed until the three-way handshake has completed. Note that the protection mechanism only takes action once the TcpMaxHalfOpen and TcpMaxHalfOpenRetried thresholds are exceeded.

5) Disable the default share of C$, D$, etc.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\AutoShareServer REG_DWORD 0x0

6) Disable the ADMIN$ default share

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\AutoShareWks REG_DWORD 0x0

7) Limit IPC$ default share

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous REG_DWORD

0x0 Default

0x1 Anonymous users cannot enumerate the local user list

0x2 Anonymous users cannot connect to the local IPC$ share

Description: Using 2 is not recommended, otherwise some services may fail to start, such as SQL Server.

8) Disable IGMP support

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IGMPLevel REG_DWORD 0x0 (default value is 0x2)

Description: Recall that Win9x had a bug where IGMP could be used to blue-screen another machine; that bug was fixed by modifying the registry. Win2000 does not have this bug, but IGMP is not needed, so it can be removed. After changing the value to 0, the annoying 224.0.0.0 entry no longer shows up in route print.

9) Set the ARP cache aging time

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ArpCacheLife REG_DWORD 0-0xFFFFFFFF (seconds, default is 120 seconds)

ArpCacheMinReferencedLife REG_DWORD 0-0xFFFFFFFF (seconds, default is 600)

Description: If ArpCacheLife is greater than or equal to ArpCacheMinReferencedLife, both referenced and unreferenced ARP cache entries expire after ArpCacheLife seconds. If ArpCacheLife is less than ArpCacheMinReferencedLife, unreferenced entries expire after ArpCacheLife seconds and referenced entries after ArpCacheMinReferencedLife seconds. An ARP cache entry is referenced each time an outbound packet is sent to the entry's IP address.

10) Dead gateway detection

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableDeadGWDetect REG_DWORD 0x0 (default is 0x1)

Description: If multiple gateways are configured, your machine will automatically switch to a backup gateway when it has trouble maintaining connections through the current one. This is sometimes undesirable, so it is recommended to disable dead gateway detection.

11) Disable IP routing

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter REG_DWORD 0x0 (default is 0x0)

Description: Setting the value to 0x1 turns on IP forwarding in Win2000, which brings unnecessary problems.

12) Maximum user port used for translated connections when doing NAT

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort REG_DWORD 5000-65534 (decimal) (default 0x1388, decimal 5000)

Description: When an application requests an available user port from the system, this parameter controls the highest port number that may be used. Under normal circumstances, ephemeral ports are allocated from the range 1024-5000. If the parameter is set outside the valid range, the nearest valid value (5000 or 65534) is used. It is recommended to raise this value when using NAT.
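To verify that a host actually carries these settings rather than the Win2000 defaults, here is an added example (not part of the original article) that audits a regedit export (`.reg` file in "Windows Registry Editor Version 5.00" format) against the fixed-value entries from items 2, 4 through 8, 10 and 11 above; the sample export is constructed, and the per-interface and range-valued settings (items 1, 3, 9, 12) are not covered.

```python
import re
# Keys from items 2, 4-8, 10 and 11 above, written with single backslashes as in regedit.
TCPIP = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
LANMAN = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters"
LSA = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
# (key, value name) -> (recommended DWORD, Windows 2000 default that applies when the value is absent)
BASELINE = {
    (TCPIP, "EnableICMPRedirects"): (0x0, 0x1),
    (TCPIP, "SynAttackProtect"): (0x2, 0x0),
    (TCPIP, "IGMPLevel"): (0x0, 0x2),
    (TCPIP, "EnableDeadGWDetect"): (0x0, 0x1),
    (TCPIP, "IPEnableRouter"): (0x0, 0x0),  # absent already equals the hardened value
    (LANMAN, "AutoShareServer"): (0x0, 0x1),
    (LANMAN, "AutoShareWks"): (0x0, 0x1),
    (LSA, "RestrictAnonymous"): (0x1, 0x0),  # the text advises 1, not 2
}

def parse_reg(text):
    """Parse 'Windows Registry Editor Version 5.00' text into {(key, name): int}, dwords only."""
    values, key = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # keys and value names are case-insensitive
        elif key and line.startswith('"'):
            m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
            if m:
                values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def audit(text):
    """Return [(key, name, effective, recommended)] for entries not at the recommended value."""
    present = parse_reg(text)
    findings = []
    for (key, name), (want, default) in BASELINE.items():
        effective = present.get((key.lower(), name.lower()), default)  # absent -> default applies
        if effective != want:
            findings.append((key, name, effective, want))
    return findings

# Constructed sample export (not from a real host): a partly hardened Windows 2000 machine.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"EnableICMPRedirects"=dword:00000000
"SynAttackProtect"=dword:00000002
"IGMPLevel"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"AutoShareServer"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RestrictAnonymous"=dword:00000002
"""
```

Running `audit(SAMPLE_EXPORT)` flags IGMPLevel, EnableDeadGWDetect (absent, so the default 1 applies), AutoShareWks (absent) and RestrictAnonymous (set to 2 instead of 1), while the absent IPEnableRouter passes because its default already matches.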

13) Modify the MAC address

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\

Locate the subkey whose description in the right-hand pane is the network adapter class, for example {4D36E972-E325-11CE-BFC1-08002BE10318}.

Expand it and look through the 0000, 0001, 0002... subkeys below for the one whose "DriverDesc" value matches your network card, for example "Intel(R) 82559 Fast Ethernet LAN on Motherboard". Then create a new string value in the right-hand pane named "NetworkAddress" whose content is the MAC value you want, for example "004040404040". Restart the computer and check the result with ipconfig /all.
