Likely normal. The article below states that when TcpMaxConnectResponseRetransmissions is at least 2, this registry item is used....http://technet.microsoft.com/en-us/library/cc781167(WS.10).aspx

> Date: Thu, 9 Dec 2010 17:23:27 +0000
> From: techlists (at) comcast (dot) net [email concealed]
> CC: pen-test (at) securityfocus (dot) com [email concealed]
> Subject: services.exe modifying synattackprotect?
>
> Why would 'C:\Windows\system32\services.exe' be trying to change the following registry key?
>
> \REGISTRY\MACHINE\SYSTEM\ControlSet\SERVICES\TCPIP\PARAMETERS\SYNATTACKP
ROTECT
>
> Is this an indication of an attack or a normal part of the 'services.exe' process?
>
> PG
>
> ------------------------------------------------------------------------

> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

>

------------------------------------------------------------------------

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

[ reply ]