SecurityFocus

Hardening TCP/IP Stack; conflicting sources Mar 20 2004 09:23PM
captmeoff yahoo com (5 replies)

Re: Hardening TCP/IP Stack; conflicting sources Mar 22 2004 09:58PM
Jean-Baptiste Marchand (Jean-Baptiste Marchand hsc fr)

Re: Hardening TCP/IP Stack; conflicting sources Mar 22 2004 09:26PM
Jean-Baptiste Marchand (Jean-Baptiste Marchand hsc fr)

RE: Hardening TCP/IP Stack; conflicting sources Mar 21 2004 08:38PM
dave kleiman (dave isecureu com)

RE: Hardening TCP/IP Stack; conflicting sources Mar 21 2004 10:09AM
Jannie Hanekom (j_hanekom hotmail com)

The Microsoft Knowledge Base (usually the authority I trust on these) says:

HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\NoNameReleaseOnD
eman
d
http://support.microsoft.com/?id=269239
http://support.microsoft.com/?id=315669

EnableFragmentChecking seems to have been under IPFilterDriver in NT 4.0,
but moved to Tcpip in Windows 2000, possibly in accordance with RRAS's
functionality being integrated into the base OS. It's rare, but it happens.
The following documents (indicating IPFilterDriver) are all specific to NT
4.0:
http://support.microsoft.com/?id=189594
http://support.microsoft.com/?id=168469
http://support.microsoft.com/?id=189099

However, this document uses Tcpip in reference to Windows 2000:
http://msdn.microsoft.com/library/en-us/dnnetsec/html/HTHardTCP.asp?fram
e=tr
ue

I'm afraid I don't have a straight answer on the second one. My hunch says
to put it in Tcpip, but it's better to implement and test.

Jan

-----Original Message-----
From: captmeoff (at) yahoo (dot) com [email concealed] [mailto:captmeoff (at) yahoo (dot) com [email concealed]]
Sent: 20 March 2004 21:24
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Hardening TCP/IP Stack; conflicting sources

Which path is correct for Windows 2000 Server? I've seen both.

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NoNameReleaseOnD
eman
d

-or-

HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\NoNameReleaseOnD
eman
d

as well as this one:

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableFragmentCh
ecki
ng

- or -

HKLM\SYSTEM\CurrentControlSet\Services\IPFilterDriver\Parameters\EnableF
ragm
entChecking

------------------------------------------------------------------------
---
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with
Astaro Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost
of ownership.

Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_focus-ms_040301
------------------------------------------------------------------------
---

[ reply ]

RE: Hardening TCP/IP Stack; conflicting sources Mar 21 2004 05:28AM
Sarbjit Singh Gill (ssgill starhub net sg)