MSS tcp registry values in windwos 2003 server security guide

---

• From: rand007@xxxxxxxxx
• Date: 20 Aug 2006 23:33:00 -0700

---

Hi,

I am currently hardening windows 2003 server SP1 O.S according to
"windows
server 2003 security guide" (version 2.1).

I noticed that there are some "MSS:" registry values that do not exist
in
this guide and existed in the previous version, such as:
1. "MSS: (AFD EnableDynamicBacklog) Enable dynamic backlog for Winsock
applications (recommended)" and all other "AFD" settings.
2. "MSS: (EnablePMTUDiscovery) Allow automatic detection of MTU size
(possible DoS by an attacker using a small MTU)".
3. "MSS: (TCPMaxPortsExhausted) How many dropped connect requests to
initiate SYN attack protection (5 is recommended)".

All these settings look important (at leat to me).

Does anyone know the reason these setting do not exist anymore in the
new
security guide?

--
RanD

.

---

• Follow-Ups:
  • Re: MSS tcp registry values in windwos 2003 server security guide
    • From: Roger Abell [MVP]

• Prev by Date: Re: Explanation of Anonymous Named Pipes Security Policy
• Next by Date: case study for s/c
• Previous by thread: Explanation of Anonymous Named Pipes Security Policy
• Next by thread: Re: MSS tcp registry values in windwos 2003 server security guide
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.windows.server.security  > 2006-08