Modify the Registry to enhance Windows 2000 Security

Source: Internet
Author: User

1. Set the Time To Live (TTL)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

DefaultTTL REG_DWORD 0-0xff (0-255 decimal, default value: 128)

Description: Specifies the default TTL value placed in outgoing IP packets. TTL determines the maximum time an IP packet may remain in the network before it reaches its destination; in practice it limits the number of routers a packet may pass through before it is discarded. This value is sometimes used to fingerprint the operating system of a remote host.

2. Prevent ICMP redirect attacks

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

EnableICMPRedirect REG_DWORD 0x0 (default value: 0x1)

Note: This parameter controls whether Windows 2000 modifies its routing table in response to ICMP redirect messages sent by a network device such as a router, a behaviour that is sometimes abused. The Windows 2000 default is 1, meaning ICMP redirects are honored.

3. Disable response to ICMP router advertisement packets

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<interface>

PerformRouterDiscovery REG_DWORD 0x0 (default value: 0x2)

Note: ICMP router discovery (router advertisement) can be abused to cause network connectivity failures, eavesdropping, and traffic attacks against other computers; this problem has caused long-lasting outages on some large campus networks. We therefore recommend disabling ICMP router advertisement. The Windows 2000 default is 2, meaning router discovery is enabled only when DHCP sends the router discovery option.

4. Prevent SYN flood attacks

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

SynAttackProtect REG_DWORD 0x2 (default value: 0x0)

Note: SYN attack protection reduces the number of SYN-ACK retransmissions, which shortens the time resources are held for half-open connections, and delays allocation of the route cache entry until a connection is established. When SynAttackProtect = 2, the connection indication to AFD (the Winsock driver) is delayed until the three-way handshake completes. Note that the protection only takes effect once the TcpMaxHalfOpen and TcpMaxHalfOpenRetried thresholds are exceeded.

5. Do not share C$ and D$ by default

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

AutoShareServer REG_DWORD 0x0

6. Do not share ADMIN$ by default

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

AutoShareWks REG_DWORD 0x0

7. Restrict the IPC$ default share

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

RestrictAnonymous REG_DWORD
0x0 default
0x1 anonymous users cannot enumerate local users
0x2 anonymous users cannot connect to the local IPC$ share

Note: 2 is not recommended, since some of your services, such as SQL Server, may then fail to start.

8. Disable IGMP support

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

IGMPLevel REG_DWORD 0x0 (default value: 0x2)

Note: Recall that Windows 9x has a bug whereby IGMP packets can be used to blue-screen other machines; it can be fixed by modifying the registry. Windows 2000 does not have this bug, but IGMP is not needed, so it can be disabled. Once the value is changed to 0, the annoying 224.0.0.0 entry no longer appears in the output of route print.

9. Set the ARP cache aging time

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

ArpCacheLife REG_DWORD 0-0xffffff (seconds, default value: 120 seconds)

ArpCacheMinReferencedLife REG_DWORD 0-0xffffffff (seconds, default value: 600)

Note: If ArpCacheLife is greater than or equal to ArpCacheMinReferencedLife, both referenced and unreferenced ARP cache entries expire after ArpCacheLife seconds. If ArpCacheLife is smaller than ArpCacheMinReferencedLife, an unreferenced entry expires after ArpCacheLife seconds and a referenced entry expires after ArpCacheMinReferencedLife seconds. An ARP cache entry is referenced each time an outbound packet is sent to the entry's IP address.

10. Disable dead gateway detection

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

EnableDeadGWDetect REG_DWORD 0x0 (default value: 0x1)

Note: If multiple gateways are configured, your machine automatically switches to a backup gateway when it has difficulty handling many connections. This is not always desirable, so we recommend disabling dead gateway detection.

11. Disable IP routing

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

IPEnableRouter REG_DWORD 0x0 (default value: 0x0)

Note: Setting the value to 0x1 makes Windows 2000 act as a router (forwarding IP packets between interfaces), which leads to unnecessary problems.

12. Raise the maximum ephemeral port used for NAT translation

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

MaxUserPort REG_DWORD 5000-65534 (decimal) (default value: 0x1388, decimal 5000)

Note: When an application requests an available user port from the system, this parameter controls the highest port number that may be used. Normally ephemeral ports are allocated in the range 1024-5000. If the parameter is set outside the valid range, the nearest valid value (5000 or 65534) is used. We recommend raising the value when using NAT.
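As an added example, not part of the original article: a Python audit that reads a registry export produced with regedit /e and reports every value from items 2 through 10 that is absent or deviates from the settings recommended above. The key and value names it checks are the ones named in the text; the sample export is constructed for the demonstration.

```python
import re

# Recommended REG_DWORD values taken from items 2-10 of this page (key -> name -> value).
BASELINE = {
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters": {
        "EnableICMPRedirect": 0, "SynAttackProtect": 2, "EnableDeadGWDetect": 0},
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters": {
        "AutoShareServer": 0, "AutoShareWks": 0},
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa": {"RestrictAnonymous": 1},
}
SECTION = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def parse_reg_export(text):
    """Parse the subset of the .reg export format an audit needs: [key] headers and
    "name"=dword:xxxxxxxx lines. Keys and names are lower-cased (registry is case-insensitive)."""
    hives, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            current = hives.setdefault(m.group(1).lower(), {})
        elif (m := DWORD.match(line)) and current is not None:
            current[m.group(1).lower()] = int(m.group(2), 16)
    return hives

def audit(hives, baseline=BASELINE):
    """Return (key, name, actual, recommended) for each baseline value that is absent
    (actual is None, so the Windows default applies) or differs from the baseline."""
    findings = []
    for key, wanted in baseline.items():
        present = hives.get(key.lower(), {})
        for name, rec in wanted.items():
            actual = present.get(name.lower())
            if actual != rec:
                findings.append((key, name, actual, rec))
    return findings

# Constructed sample export (not from a real host): two weak values, one left unset.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"SynAttackProtect"=dword:00000000
"EnableICMPRedirect"=dword:00000001
"EnableDeadGWDetect"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"AutoShareServer"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RestrictAnonymous"=dword:00000001
"""
```

On a live machine, export the three keys with regedit /e (the file is written in UTF-16, so open it with encoding="utf-16") and pass the text to parse_reg_export; audit then lists each setting that still needs the change described above.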

13. Modify the MAC address

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\

In the right-hand pane, find the subkey for network adapters ("Net"), for example {4d36e972-e325-11ce-bfc1-08002be10318}.

Expand it and, among the numbered subkeys beneath it (0000, 0001, 0002, ...), find the one whose DriverDesc value describes your network card, for example "Intel(R) 82559 Fast Ethernet LAN on Motherboard". Then create a new string value in the right-hand pane named NetworkAddress, with the desired MAC address as its data, for example "004040404040". Restart the computer and verify with ipconfig /all.
