Re: Preventing OS Detection

From: Tod Beardsley (todb_at_planb-security.net)
Date: 02/29/04

    To: "Sergey V. Gordeychik" <gordey@infosec.ru>, <focus-ms@securityfocus.com>
    Date: Sat, 28 Feb 2004 21:20:19 -0600
    
    

    Sergey V. Gordeychik wrote:
    > HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TcpWindowSize
    > HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DefaultTTL
    > HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DefaultTOS
    > HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\
    > EnablePMTUBHDetect

    Two other W2k (maybe XP/W2k3?) registry keys worth noting -- mostly
    because they're not as popular as the above:

    HKLM\Services\CCC\Tcp\Parameters
            DWORD value TcpMaxConnectResponseRetransmissions
    Mess with this to alter the number of SYN-ACK retries. Dropping this to
    2 or 1 will also clear out half-open connects faster (albeit with a
    connectivity penalty for your more unstable networks).

    HKLM\Services\CCC\Tcp\Parameters\Interfaces\interface-name
            DWORD value TcpInitialRTT
    Change this to alter the SYN-ACK retransmission timeouts. More of a
    pain, though, since this must be set per interface.

    -- 
    "It's okay to yell 'fire' in a crowded theater
    if the theater is actually on fire."
    Tod Beardsley | www.planb-security.net
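
A read-only audit of the values named in this thread, added here as an example and not part of the original post: it reports which values are explicitly set and how long a half-open connection is held under the current retry count and initial RTT. Assumptions: all values sit under the `Tcpip\Parameters` key from the quoted list, unset values fall back to the documented Windows 2000 defaults (2 retries, 3 seconds), and the helper names `Get-RegValue` and `Get-HalfOpenSeconds` are hypothetical.

```powershell
# Added example: read-only audit, changes nothing in the registry.
# Assumption: values live under the Tcpip\Parameters key from the quoted list.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# Assumed documented Windows 2000 defaults, used when a value is not set.
$defaultRetries = 2   # TcpMaxConnectResponseRetransmissions
$defaultRtt     = 3   # TcpInitialRTT, in seconds

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent (the stack uses its default).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-HalfOpenSeconds([int]$InitialRtt, [int]$Retries) {
    # The timer starts at InitialRtt and doubles after each SYN-ACK
    # retransmission; the half-open entry is dropped when the timer that
    # follows the last retransmission expires.
    $total = 0
    $timer = $InitialRtt
    for ($i = 0; $i -le $Retries; $i++) { $total += $timer; $timer *= 2 }
    $total
}

# Global values: the four from the quoted list plus the SYN-ACK retry count.
$names = 'TcpWindowSize', 'DefaultTTL', 'DefaultTOS', 'EnablePMTUBHDetect',
         'TcpMaxConnectResponseRetransmissions'
$names | ForEach-Object {
    $v = Get-RegValue $base $_
    if ($null -eq $v) { $v = '(not set)' }
    [pscustomobject]@{ Name = $_; Value = $v }
} | Format-Table -AutoSize

$retries = Get-RegValue $base 'TcpMaxConnectResponseRetransmissions'
if ($null -eq $retries) { $retries = $defaultRetries }

# TcpInitialRTT is per interface, so walk every interface subkey.
Get-ChildItem "$base\Interfaces" | ForEach-Object {
    $rtt = Get-RegValue $_.PSPath 'TcpInitialRTT'
    $explicit = $null -ne $rtt
    if (-not $explicit) { $rtt = $defaultRtt }
    [pscustomobject]@{
        Interface       = $_.PSChildName
        TcpInitialRTT   = $rtt
        ExplicitlySet   = $explicit
        HalfOpenSeconds = Get-HalfOpenSeconds $rtt $retries
    }
} | Format-Table -AutoSize
```

With the assumed defaults the model gives 21 seconds per half-open connection; one retry gives 9 seconds, which is the faster cleanup the post describes.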