Modify the registry to strengthen Win 2000 security

Source: Internet
Author: User
DefaultTTL REG_DWORD 0-0xFF (0-255 decimal, default value 128)

Description: Specifies the default Time to Live (TTL) value set in outgoing IP packets. The TTL determines the maximum time that an IP packet can survive on the network before reaching its destination. In practice it limits the number of routers that the IP packet is allowed to pass through before it is discarded. This value is sometimes used to detect the operating system of a remote host.

2. Prevent ICMP redirect messages. Description: This parameter controls whether Windows 2000 alters its routing table in response to ICMP redirect messages sent to it by network devices such as routers. This behavior is sometimes exploited maliciously. The default value in Win2000 is 1, which means the system responds to ICMP redirect messages.

3. Prohibit responses to ICMP router advertisement packets. Description: The "ICMP router advertisement" function can be abused so that other people's computers suffer abnormal network connections, have their data tapped, or are used for traffic attacks, among other serious consequences. This problem has caused large-area, long-lasting network anomalies on some campus LANs. It is therefore recommended that you disable the response to ICMP router advertisement messages. The default value in Win2000 is 2, which means the function is enabled when DHCP sends the router discovery option.

4. Prevent SYN flood attacks. Description: SYN attack protection includes reducing the number of SYN-ACK retransmissions, which reduces the time for which allocated resources remain reserved. Resource allocation for route cache entries is deferred until the connection is established. If SynAttackProtect = 2, the connection indication to AFD is delayed until the three-way handshake is complete. Note that the protection mechanism takes action only if the TcpMaxHalfOpen and TcpMaxHalfOpenRetried settings are exceeded.
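To see how close a host is to the half-open limit described above, the following added example (not part of the original article) counts connections in the SYN_RECEIVED state from `netstat -n -p tcp` output. The sample output, the function name and the threshold passed in are constructed for illustration, and only the TcpMaxHalfOpen side is modelled because retransmission counts are not visible in netstat.

```python
import re
from collections import Counter

# Constructed sample of `netstat -n -p tcp` output (documentation address ranges).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.0.2.10:80          198.51.100.7:1045      SYN_RECEIVED
  TCP    192.0.2.10:80          198.51.100.8:2311      SYN_RECEIVED
  TCP    192.0.2.10:80          198.51.100.9:4002      SYN_RECEIVED
  TCP    192.0.2.10:80          203.0.113.5:3390       ESTABLISHED
  TCP    192.0.2.10:25          203.0.113.9:1188       SYN_RECEIVED
  TCP    192.0.2.10:3389        203.0.113.20:50211     TIME_WAIT
"""

# One TCP row: protocol, local addr:port, remote addr:port, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")


def syn_half_open_report(netstat_text, tcp_max_half_open):
    """Count half-open (SYN_RECEIVED) connections and compare the total
    with the configured TcpMaxHalfOpen value (hypothetical helper)."""
    by_port = Counter()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m and m.group(5) == "SYN_RECEIVED":
            by_port[int(m.group(2))] += 1  # key on the local (listening) port
    total = sum(by_port.values())
    return {
        "half_open_total": total,
        "by_local_port": dict(by_port),
        "busiest_port": by_port.most_common(1)[0][0] if by_port else None,
        # The page states protection acts only once the limits are exceeded.
        "tcp_max_half_open_exceeded": total > tcp_max_half_open,
    }


if __name__ == "__main__":
    # 3 is a constructed threshold so the small sample trips it.
    print(syn_half_open_report(SAMPLE_NETSTAT, tcp_max_half_open=3))
```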

5. Prohibit automatic default sharing (Server Edition)

"0": None, rely on default permissions

"1": Does not allow enumeration of SAM accounts and shares

"2": No access without explicit anonymous permissions

"0" is the system default and imposes no restrictions: remote users can learn all of your machine's accounts, group information, shared directories, network transport list (NetServerTransportEnum), and so on. For a server this setting is very dangerous. "1" allows only non-null users to access SAM account information and share information. "2" is supported only by Win2K; note that if you use this value you can no longer share resources, so it is recommended to set the value to "1".

8. Disable IGMP support

Note: Recall that Win9x has a bug that lets someone blue-screen your machine using IGMP; modifying the registry fixes this bug. Win2000 does not have the bug, but IGMP is not necessary, so it can be removed. After changing the value to 0, route print no longer shows the 224.0.0.0 entry.

9. Set the ARP cache aging time

ArpCacheLife REG_DWORD 0-0xffffffff (seconds, default value is 120 seconds)

ArpCacheMinReferencedLife REG_DWORD 0-0xffffffff (number of seconds, default value is 600)

Note: If ArpCacheLife is greater than or equal to ArpCacheMinReferencedLife, both referenced and unreferenced ARP cache entries expire after ArpCacheLife seconds. If ArpCacheLife is less than ArpCacheMinReferencedLife, unreferenced entries expire after ArpCacheLife seconds and referenced entries expire after ArpCacheMinReferencedLife seconds. An entry in the ARP cache is referenced each time an outbound packet is sent to that entry's IP address.

10. Disable dead gateway detection. Description: If more than one gateway is configured, the machine automatically switches to a backup gateway when it has difficulty handling multiple connections. Sometimes this is not a good idea, so it is recommended to disable dead gateway detection.

11. Disable the routing function. Description: Setting the value to 0x1 enables Win2000 to act as a router, which causes unnecessary problems.

12. Increase the maximum external port number used for translation when doing NAT. Description: This parameter controls the maximum port number used when an application requests an available user port from the system. Normally, short-lived ports are allocated in the range 1024-5000. When this parameter is set outside the valid range, the nearest valid value (5000 or 65534) is used. It is recommended that you increase the value when using NAT.

13. Modify the MAC address. Description: Find the key whose description in the right-hand window is "network card",

For example, {4D36E972-E325-11CE-BFC1-08002BE10318}

Expand it. Under the 0000, 0001, 0002 ... subkeys, find the branch for your network card by its "DriverDesc" value; for example, the value of "DriverDesc" is "Intel (R) 82559 Fast Ethernet LAN on motherboard". Then create a new string value in the right-hand window named "NetworkAddress" whose content is the MAC value you want, for example "004040404040". Then restart the computer and check the result with ipconfig /all.
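Because a "NetworkAddress" value silently replaces the adapter's burned-in MAC, it is worth checking for during an audit. The following added example (not part of the original article) scans a .reg export of the network adapter class key and lists adapters that carry an override. The sample export and function names are constructed, and the path above the class GUID is an assumption, since the article gives only the GUID.

```python
import re

# Class GUID from the article; the parent path is an assumption (not on the page).
CLASS_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class"
             r"\{4D36E972-E325-11CE-BFC1-08002BE10318}")

# Constructed .reg export; KEY is expanded to CLASS_KEY to keep lines short.
SAMPLE_EXPORT = """REGEDIT4

[KEY\\0000]
"DriverDesc"="Intel(R) 82559 Fast Ethernet LAN on Motherboard"
"NetworkAddress"="004040404040"

[KEY\\0000\\Ndi]
"Service"="E100B"

[KEY\\0001]
"DriverDesc"="Constructed PCI Ethernet Adapter"

[KEY\\0002]
"DriverDesc"="Constructed Wireless Adapter"
"NetworkAddress"="00404040404Z"
""".replace("KEY", CLASS_KEY)

# Only the four-digit adapter subkeys (0000, 0001, ...), not their children.
ADAPTER_RE = re.compile(re.escape(CLASS_KEY) + r"\\(\d{4})$", re.IGNORECASE)

def parse_reg(text):
    """Parse string values of a .reg export into {key_path: {name: value}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'^"([^"]+)"="(.*)"$', line)  # dword/hex values skipped
            if m:
                current[m.group(1)] = m.group(2)
    return keys

def find_mac_overrides(text):
    """Return adapters with a NetworkAddress override; mac is None if malformed."""
    findings = []
    for path, values in parse_reg(text).items():
        m = ADAPTER_RE.search(path)
        if m and "NetworkAddress" in values:
            raw = values["NetworkAddress"]
            valid = re.fullmatch(r"[0-9A-Fa-f]{12}", raw) is not None
            findings.append({"subkey": m.group(1), "adapter": values.get("DriverDesc"),
                             "mac": raw.upper() if valid else None, "raw": raw})
    return findings
```

Calling `find_mac_overrides(SAMPLE_EXPORT)` reports subkeys 0000 and 0002; the second has `mac` set to `None` because its value is not twelve hex digits.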




