1. Set the time to live (TTL)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
DefaultTTL REG_DWORD 0-0xff (0-255 decimal, default value 128)
Description: Specifies the default Time to Live (TTL) value set in outgoing IP packets. The TTL determines the maximum time that an IP packet survives on the network before reaching its destination. In practice it limits the number of routers that the IP packet is allowed to pass through before it is discarded. This value is sometimes used to detect remote host operating systems.
2. Prevent ICMP redirect message attacks
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
EnableICMPRedirects REG_DWORD 0x0 (default value is 0x1)
Description: This parameter controls whether Windows 2000 alters its routing table in response to ICMP redirect messages sent to it by a network device such as a router. This behaviour is sometimes exploited maliciously. The default value in Win2000 is 1, which means the host responds to ICMP redirect messages.
3. Disable responses to ICMP router advertisement messages
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\interface
PerformRouterDiscovery REG_DWORD 0x0 (default value is 0x2)
Description: The "ICMP router advertisement" feature can be abused to disrupt other people's network connections, eavesdrop on their data, or use their computers for traffic attacks. This problem has caused widespread, prolonged network anomalies on some campus LANs. It is therefore recommended that you disable responses to ICMP router advertisement messages. The default value in Win2000 is 2, which means router discovery is enabled when DHCP sends the router discovery option.
4. Prevent SYN flood attack
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
SynAttackProtect REG_DWORD 0x2 (default value is 0x0)
Description: SYN attack protection reduces the number of SYN-ACK retransmissions, which shortens the time for which resources stay allocated. Allocation of route cache entry resources is deferred until the connection is established. If SynAttackProtect = 2, the connection indication to AFD is delayed until the three-way handshake is complete. Note that the protection mechanism takes action only if the TcpMaxHalfOpen and TcpMaxHalfOpenRetried settings are exceeded.
5. Disable the default C$, D$ and similar shares
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
AutoShareServer REG_DWORD 0x0
6. Disable the admin$ default share
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
AutoShareWks REG_DWORD 0x0
7. Restrict the ipc$ default share
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
RestrictAnonymous REG_DWORD 0x0 Default
0x1 Anonymous users cannot enumerate the list of local users
0x2 Anonymous users cannot connect to the local ipc$ share
Description: Using 2 is not recommended, as it may cause some of your services, such as SQL Server, to fail to start.
8. Disable IGMP support
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
IGMPLevel REG_DWORD 0x0 (default value is 0x2)
Note: Win9x had a bug that let someone use IGMP to blue-screen a machine; modifying the registry fixes it. Win2000 does not have this bug, but IGMP is not necessary, so it can be disabled. After changing the value to 0, route print no longer shows that nasty 224.0.0.0 entry.
9. Set the ARP cache aging time
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
ArpCacheLife REG_DWORD 0-0xffffffff (seconds, default value is 120 seconds)
ArpCacheMinReferencedLife REG_DWORD 0-0xffffffff (seconds, default value is 600)
Note: If ArpCacheLife is greater than or equal to ArpCacheMinReferencedLife, both referenced and unreferenced ARP cache entries expire after ArpCacheLife seconds. If ArpCacheLife is less than ArpCacheMinReferencedLife, unreferenced entries expire after ArpCacheLife seconds and referenced entries expire after ArpCacheMinReferencedLife seconds. An entry in the ARP cache is referenced each time an outbound packet is sent to that entry's IP address.
10. Disable dead gateway detection
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
EnableDeadGWDetect REG_DWORD 0x0 (default value is 0x1)
Description: If you have configured multiple gateways, your machine automatically switches to a backup gateway when a number of connections are having trouble. This is not always desirable, so it is recommended to disable dead gateway detection.
11. Disable the routing function
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
IPEnableRouter REG_DWORD 0x0 (default value is 0x0)
Note: Setting the value to 0x1 gives Win2000 a routing function, which creates unnecessary problems.
12. Raise the maximum external port number used for NAT translation
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
MaxUserPort REG_DWORD 5000-65534 (decimal) (default value 0x1388, which is 5000 decimal)
Note: This parameter controls the maximum port number used when an application requests an available user port from the system. Normally, short-lived ports are allocated in the range 1024-5000. When this parameter is set to a value outside the valid range, the nearest valid value (5000 or 65534) is used. It is recommended that you raise the value when using NAT.
13. Modify MAC Address
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\
Locate the subkey whose description in the right pane is "network card", for example {4D36E972-E325-11CE-BFC1-08002BE10318}.
Expand it. Under the 0000, 0001, 0002 ... branches, find the one whose "DriverDesc" value matches your network card, for example "Intel (R) 82559 Fast Ethernet LAN on motherboard". Then create a new string value in the right pane named "NetworkAddress" and set its content to the MAC value you want, for example "004040404040". Restart the computer and check the result with ipconfig /all.
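
An added example, not part of the original checklist: a small auditor that reads the text of a `reg export` file and reports which of the values from items 2, 4, 5, 6, 8, 10 and 11 differ from the settings recommended above. The function names and the sample export are constructed for illustration; a value missing from the export is judged by the default stated in its item, and is reported as None where the item gives no default.

```python
import re

# Baseline from the items above: (key, value name) -> (recommended, default the page states or None).
# Registry key and value names are case-insensitive, so everything is compared lower-cased.
TCPIP = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
LANMAN = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
BASELINE = {
    (TCPIP, "EnableICMPRedirects"): (0x0, 0x1),
    (TCPIP, "SynAttackProtect"): (0x2, 0x0),
    (TCPIP, "IGMPLevel"): (0x0, 0x2),
    (TCPIP, "EnableDeadGWDetect"): (0x0, 0x1),
    (TCPIP, "IPEnableRouter"): (0x0, 0x0),
    (LANMAN, "AutoShareServer"): (0x0, None),
    (LANMAN, "AutoShareWks"): (0x0, None),
}

def parse_reg(text):
    """Parse REG_DWORD entries of a .reg export into {(key, name): int}, lower-cased."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})$', line)):
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def audit(text):
    """Return (value name, effective value, recommended value) for each deviation, sorted by name."""
    found = parse_reg(text)
    findings = []
    for (key, name), (want, default) in BASELINE.items():
        have = found.get((key.lower(), name.lower()), default)
        if have != want:
            findings.append((name, have, want))
    return sorted(findings, key=lambda f: f[0])

# Constructed sample export (real exports are UTF-16; decode before passing the text in).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"SynAttackProtect"=dword:00000002
"enableicmpredirects"=dword:00000001
"IGMPLevel"=dword:00000000
"Hostname"="constructed-host"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"AutoShareServer"=dword:00000000
'''
```

Calling `audit(SAMPLE)` flags AutoShareWks (unset), EnableDeadGWDetect (absent, so the stated default 0x1 applies) and EnableICMPRedirects (explicitly 0x1).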