Change the TIME_WAIT Timeout to Increase Connections (Windows NT/2000/XP)
This setting determines the length of time that a connection will stay in the TIME_WAIT state before being closed. The default is 240 seconds, which on a busy server will limit the maximum connections to around 200/sec. Reducing this setting will increase the maximum connection limit.
Harden the TCP/IP Stack for Denial of Service Attacks (Windows 2000/XP)
Denial of service attacks are network attacks that are aimed at making a computer or a particular service unavailable to network users. These settings can be used to increase the ability for Windows to defend against these attacks when connected directly to the Internet.
Disables DHCP Router Discovery (All Windows)
The ICMP Router Discovery Protocol (IRDP) comes enabled by default for Windows clients using DHCP. This can be a security issue because by spoofing IRDP Router Advertisements, an attacker can remotely add default route entries on a remote system.
Protect Against SYN Flood Attacks (Windows NT/2000/XP)
Windows includes protection that allows it to detect and adjust when the system is being targeted with a SYN flood attack (a type of denial of service attack). When enabled, the connection responses time out more quickly in the event of an attack.
Configure DHCP Server for Unicast (Windows NT/2000/XP)
By default, the Windows DHCP server sends all DHCP responses as IP broadcasts to the limited broadcast address (255.255.255.255). However, the DHCP server can be configured to send unicast responses by applying this tweak.
Specify the Router Buffer Size (Windows NT/2000/XP)
This parameter determines how much memory IP allocates to store packet data in the router packet queue. When this buffer space is filled, the router begins discarding packets at random from its queue.
Offload IP Security Task Processing (Windows 2000/XP)
This setting is used to control whether IP Security (IPSEC) tasks should be offloaded to a network card with IP security capabilities.
Enable IP Packet Forwarding (Windows NT/2000/XP)
By default, TCP/IP forwarding is not enabled in Windows. This setting can be used to enable TCP/IP forwarding for all network connections that are installed and used by the computer.
Control RFC 1323 Time Stamp and Window Scaling (Windows NT/2000/XP)
This setting controls RFC 1323 timestamps and window scaling options. Timestamps and Window scaling are enabled by default, but can be manipulated with flag bits.
Control Selective Acknowledgement (SACK) Operation (Windows NT/2000/XP)
This parameter controls whether or not Selective ACK (SACK - RFC 2018) support is enabled. With SACK enabled (default), a packet or series of packets can be dropped, and the receiver informs the sender which data has been received, and where there may be "holes" in the data.
Control Windows Treatment of Priority TCP/IP Data (Windows NT/2000/XP)
This parameter determines whether TCP uses the RFC 1122 specification for urgent data or the mode used by BSD-derived systems. The two mechanisms interpret the urgent pointer in the TCP header and the length of the urgent data differently.
Specify the Router Packet Queue Size (Windows NT/2000/XP)
This parameter determines the number of IP packet headers allocated for the router packet queue. When all headers are in use, the router will begin to discard packets at random from the queue.
Control Keep Alive Parameters (Windows NT/2000/XP)
These settings control how Windows manages connection keepalive transmissions, including the timeout before keepalives are sent and the interval between keepalive transmissions.
Specify the Conformance Level for IP Multicast (Windows NT/2000/XP)
This parameter determines to what extent the system supports IP multicasting and participates in the Internet Group Management Protocol, RFC 1112.
Enable Dead Gateway Detection (Windows NT/2000/XP)
This setting specifies whether Windows should automatically detect and use an alternate gateway in the event of transmitting a segment several times without receiving a response.
Change the PPPOE MTU Size (Windows XP)
By default, a Windows XP PPPoE connection uses an MTU size that is 20 bytes less than the IP MTU of the LAN adapter over which the PPPoE packets are sent, which in most cases is 1480 bytes. If a lower MTU is required, then this tweak can be used to change the value.
Control the Number of TCP/IP Connection Attempts (Windows 95/98/Me)
This setting controls the number of TCP/IP connection attempts (SYN packets) to be transmitted before timing out.
Modify the Number of Duplicate ACKs for Fast Retransmit (Windows 2000/XP)
This parameter determines the number of duplicate ACKs that must be received for the same sequence number of sent data before "fast retransmit" is triggered to resend the segment that has been dropped in transit.
Specify the Conformance Level for IP Multicast (Windows 95/98/Me)
This parameter determines to what extent the system supports IP multicasting and participates in the Internet Group Management Protocol, RFC 1112.
Detect Black Hole Routers During Path MTU Discovery (Windows NT/2000/XP)
Specifies whether the stack will attempt to detect black hole routers, that is, routers that do not send back ICMP fragmentation-needed messages during Path MTU discovery.
Enable Path MTU Discovery (Windows NT/2000/XP)
Enabling the setting causes TCP to attempt to discover the Maximum Transmission Unit (MTU or largest packet size) over the path to a remote host. By discovering the Path MTU and limiting TCP segments to this size, TCP can eliminate fragmentation at routers along the path that connect networks with different MTUs.
Disable TCP/IP Source Routing (Windows NT 4.0)
Normally, on a computer running Windows NT 4.0, you cannot disable the source routing feature for the TCP/IP protocol. By using this tweak it is possible to disable it.
Specify System-wide TCP Receive Window Size (Windows 2000/XP)
The TcpWindowSize parameter can be used to set the receive window on a per-interface basis. This parameter, by contrast, can be used to set a global limit for the TCP window size on a system-wide basis.
Enable Dead Gateway Detection (Windows 95/98/Me)
This setting specifies whether Windows should automatically detect and use an alternate gateway in the event of a failed gateway.
Specify the Maximum Number of TCP/IP Connections (Windows NT/2000)
This parameter specifies the maximum number of connections that TCP may have open simultaneously.
Optimize Windows TCP/IP Data Retransmissions (Windows NT/2000/XP)
This parameter controls the number of times TCP will retransmit an individual data segment (not connection request segments) before aborting the connection.
Control RFC 1323 Time Stamp and Window Scaling Options (Windows 95/98/Me)
This setting controls RFC 1323 time stamps and window scaling options for TCP/IP packets.
Specify the Default Time to Live for TCP/IP Packets (Windows NT/2000/XP)
Specifies the default Time To Live (TTL) value set in the header of outgoing IP packets. The TTL determines the maximum amount of time an IP packet may live in the network without reaching its destination. It is effectively a limit on the number of routers an IP packet may pass through before being discarded.
Enable MTU Discovery (Windows 95/98/Me)
This setting specifies whether the TCP/IP stack will attempt to perform path MTU discovery as specified in RFC 1191.
Enable MTU Black Hole Detection (Windows 95/98/Me)
Specifies whether the stack will attempt to detect black hole routers, that is, routers that do not send back ICMP fragmentation-needed messages during Path MTU discovery.
Control Windows Treatment of Priority TCP/IP Data (Windows 95/98/Me)
This value specifies how Windows should handle urgent data transfers, either in the same manner as some UNIX systems or as specified by RFC 1122.
Specify the TCP/IP Receive Window Size (Windows 95/98/Me)
This setting controls the size of the TCP/IP receive Window. In general, larger receive windows work better with high-delay, high-bandwidth data.
Optimize Windows TCP/IP Connection Retransmissions (Windows NT/2000/XP)
This parameter determines the number of times TCP will retransmit a connect request (SYN) before aborting the attempt. The retransmission timeout is doubled with each successive retransmission in a given connect attempt.
Specify the Default TCP/IP Time to Live (Windows 95/98/Me)
This setting specifies the default time to live (TTL) value for IP packets generated by the Windows TCP/IP stack.
Optimize the Windows TCP/IP Window Size (Windows NT/2000)
This parameter determines the maximum TCP receive window size offered by the system. The receive window specifies the number of bytes a sender may transmit without receiving an acknowledgment.
Change the Maximum Transmission Unit (MTU) Size (Windows NT/2000/XP)
This parameter specifies the Maximum Transmission Unit (MTU) for a network interface. By optimizing the MTU setting you can gain substantial network performance increases, especially when using dial-up modem connections.
Enable Source Routing on Token Ring Networks (Windows NT/2000)
Setting this parameter to 1 will force TCP/IP to transmit ARP queries with source routing enabled on Token Ring networks. By default, the stack transmits ARP queries without source routing first and retries with source routing enabled if no reply was received.
Specify System-wide TCP Receive Window Size (Windows 98)
The TcpWindowSize parameter can be used to set the receive window on a per-interface basis. This parameter, by contrast, can be used to set a global limit for the TCP window size on a system-wide basis.
Modify the Initial Retransmission Timeout (Windows NT/2000)
This parameter controls the initial retransmission timeout used by TCP on each new connection. It applies to the connection request (SYN) and to the first data segment(s) sent on each connection.
Change TCP/IP Broadcast Address (Windows NT/2000)
This setting allows Windows to be configured to use zeros-broadcasts (0.0.0.0) instead of ones-broadcasts (255.255.255.255). Most systems use ones-broadcasts, but some systems derived from BSD implementations use zeros-broadcasts.
Transmit Ethernet Packets Using 802.3 SNAP Encoding (Windows NT/2000)
Enabling this setting forces TCP/IP to transmit Ethernet packets using 802.3 SNAP encoding. By default, the stack transmits packets in DIX Ethernet format. It will always receive both formats.
Specify the Default TCP/IP Type of Service (TOS) (Windows NT)
This setting specifies the default type of service (TOS) for IP packets generated by the TCP/IP stack. This can be used to manage quality of service (QOS) throughout a network.
Configure the TCP/IP Settings of a Network Adapter (Windows NT/2000/XP)
These values control the TCP/IP parameters of the network interface cards. Configurable parameters include IP Address, Subnet Mask and Default Gateway.
Specify the Default TCP/IP Type of Service (TOS) (Windows 95/98/Me)
This setting specifies the default type of service (TOS) for IP packets generated by the TCP/IP stack. This can be used to manage quality of service (QOS) throughout a network.
Control the Number of TCP/IP Transmission Retries (Windows 95/98/Me)
This setting defines the number of transmission retries that will be attempted before the connection is aborted.
Control TCP/IP Routing Parameters (Windows 95/98/Me)
These settings control IP routing features including the total amount of buffer space to allocate for routing packets and the maximum number of packets that can be routed simultaneously.
Override the Default Broadcast Address (Windows 95/98/Me)
This setting overrides the default broadcast address that is derived from the IP address and subnet mask. Primarily the broadcast address is used for NetBIOS name queries.
Configure the DHCP Settings of a Network Adapter (Windows NT/2000/XP)
This setting controls whether TCP/IP should use DHCP to automatically assign an IP address, or if it should use the statically defined address.