How to harden the TCP/IP stack against denial of service attacks in Windows Server 2003

?????? ????????? ?????? ?????????
???? ???????: 324270 - ??? ???????? ???? ????? ????? ??? ???????.

??????

????? ??? ?????? (DoS) ?? ????? ?????? ???? ??? ???? ??????? ?? ???? ????? ??? ???? ??????? ??? ????? ???????? ???? ???????. ???? ?? ???? ?? ????? ??? ?????? ???? ?? ????? ??? ??????. ???????? ?? ??? ????? ??? ??????? ????? ??????? ??? ?? ??? ????????? ?????????:
  • ?????? ??? ????????? ????? ?? ??????? ???????? ???? ??????? ??????. ??????? ?????? ???????? ??? ???? Microsoft ?????? ??? ?????:
    http://www.microsoft.com/security
  • harden ??? ???????? TCP/IP ??? ????? ??????? Windows Server 2003. ??? ????? ????? ???? TCP/IP ?????????? ??????? ???? ???? ??????? ????????. ??? ????? ??????? ?????? ?????????? ???? Microsoft ??? ???? harden ???? TCP/IP ?? ????? ??? ??????.

??? ??????? TCP/IP Harden ??? ???? TCP/IP

?????? ?????? ????? ?? ?????? ??? ??????? ???? ?????? ?? ????? ????? ???????. ??? ???? ?? ???? ?????? ????? ?? ???? ????? ????? ?????? ??? ?????. ?????? ???? ?? ????? ??? ??????? ??????. ?????? ??? ??????? ????????? ????? ????????? ????? ??? ??????. ???? ???? ????? ??????? ????? ?? ???? ???? ?????. ?????? ??? ???? ?? ????????? ??? ????? ??? ???? ???????? ?? ????? ?????????? ???? ??? ??? ??????? ?????? ???? ??????? ?? ????? ????? Microsoft:
322756????? ??? ???? ???????? ?? ????? ????????? ?? Windows

???? ??????? ??????? TCP/IP-???????? ??? ??????? ???? ????? ??????? ? harden ???? TCP/IP ??? ????? ????????? ??????? ?????? ?????????. ???? ??? ????? ????? ????? ??? ????? ??????? ??????? ??? ??? ??? ???? ???:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
??????: ???? ????? ??????? ???? ???? ?? ?? ??? ??? ???? ???.
  • Value name: SynAttackProtect
    Key: Tcpip\Parameters
    Value Type: REG_DWORD
    Valid Range: 0, 1
    Default: 0

    ???? ??????? ??? ????? ???????? ???? ??????? (TCP) ???? ????? ??????? ?? SYN-ACKS. ????? ???? ?????? ??? ??????? ????? ???????? ???? ????? ???? ????? SYN (??? ???? ??? ??????) ????? ????.

    ???? ??????? ???????? ??????? ?? ???? ??????? ???:
    • 0(?????? ??????????): ??????? ?? ????? SYN ??
    • 1: ??????SynAttackProtect???1?????? ???? ?? ????? SYN. ???? ??? ??????? ???? ????? ??????? ?? ACKS SYN TCP. ????? ???? ??????SynAttackProtect???1? ????? ???????? ???? ???? ???? ?? ???? ?????? ?????? ?? ???? SYN ??? ??????. ?????? Windows ????? ??????? ?????? ?? ??? ??? ???? ??? ??????:
      • TcpMaxPortsExhausted
      • TCPMaxHalfOpen
      • TCPMaxHalfOpenRetried
    ???????? Windows Server 2003 Service Pack 1 ?? ??????? ?? ?????? ?????????? ?????? ??????? SynAttackProtect 1.

    ?????????? ????? ??????? TcpMaxPortsExhausted ?? Windows XP SP2 ?????????? ?????? ?? ????? ????? Windows.
  • Value name: EnableDeadGWDetect (???? ??? Windows 2003 ???)
    Key: Tcpip\Parameters
    Value Type: REG_DWORD
    Valid Range: 0, 1 (False, True)
    Default: 1 (True)

    ???? ??????? ??????? ???????? ???? ????? ????????? ?? ???? ??????? ???:
    • 1: ??? ?????EnableDeadGWDetect???1? TCP ???? ?????? ????? dead ?????. ??? ????? ????? ????? dead? ?? ???? TCP ???????? ?????? (IP) ?????? ????? ????? ??????? ??? ???? ????? ?? ??? ?? ?????????. ??? ????? ???????? ????? ????????? ?? ?????? ?????? ??????????? TCP/IP???? ?????? ?? ???? ?????? ?? "???? ??????".
    • 0: Microsoft ???? ??? ???? ??????EnableDeadGWDetect?????? ???0. ?? ???? ??? ????? ??? ?????? ??? 0? ?? ??? ???? ?????? ??????? ??? ????????? ??? ???? ??? ??????? ??? ????? ??? ??????.
  • Value name: EnablePMTUDiscovery
    Key: Tcpip\Parameters
    Value Type: REG_DWORD
    Valid Range: 0, 1 (False, True)
    Default: 1 (True)

    ???? ??????? ??????? ???????? ???? ????? ????????? ?? ???? ??????? ???:
    • 1: ??? ?????EnablePMTUDiscovery???1? ????? TCP ?????? ???? ??????? ?????? (MTU) ?? ???? ??? ?????? ??? ?????? ??? ???? ????. ???? ????? TCP ??????? ?? ????? ??????? ??? ?????? ????? ???? ?????? ??????? MTUs ?????? ?? ???? ?????? ???? ??????? ?????? ??????? ????? ?? ??? TCP ???? ?????. ????? ????? ???? ???? ???? ??? ???? ??? ???????? TCP.
    • 0: Microsoft recommends that you set EnablePMTUDiscovery to 0. When you do so, an MTU of 576 bytes is used for all connections that are not hosts on the local subnet. If you do not set this value to 0, an attacker may force the MTU value to a very small value and overwork the stack.

      Setting EnablePMTUDiscovery to 0 negatively affects TCP/IP performance and throughput. Even though Microsoft recommends this setting, it should not be used unless you are fully aware of this performance loss.
  • Value name: KeepAliveTime
    Key: Tcpip\Parameters
    Value Type: REG_DWORD - Time in milliseconds
    Valid Range: 1-0xFFFFFFFF
    Default: 7,200,000 (two hours)

    This value controls how frequently TCP tries to verify that an idle connection is still intact by sending a keep-alive packet. If the remote computer is still reachable, it acknowledges the keep-alive packet. Keep-alive packets are not sent by default. You can use a program to configure this value on a connection. The recommended value setting is 300,000 (5 minutes).
  • Value name: NoNameReleaseOnDemand
    Key: Netbt\Parameters
    Value Type: REG_DWORD
    Valid Range: 0, 1 (False, True)
    Default: 0 (False)

    This value determines whether the computer releases its NetBIOS name when it receives a name-release request. This value was added to permit the administrator to protect the computer against malicious name-release attacks. Microsoft recommends that you set the NoNameReleaseOnDemand value to 1.
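An offline check of these values, as an added example (not Microsoft's code): it parses the text of a `reg export` dump of the Services key and reports every value whose effective setting differs from the recommendation, treating an absent value as its listed default. The SynAttackProtect and EnableDeadGWDetect targets are assumptions read from the option descriptions, and the sample export is constructed for illustration.

```python
import re
# Key root named on the page; (subkey, value) -> (recommended, default if absent)
ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
BASELINE = {
    ("Tcpip\\Parameters", "EnablePMTUDiscovery"): (0, 1),
    ("Tcpip\\Parameters", "KeepAliveTime"): (300000, 7200000),
    ("Netbt\\Parameters", "NoNameReleaseOnDemand"): (1, 0),
    # Assumed targets (read from the option descriptions, not a stated sentence):
    ("Tcpip\\Parameters", "SynAttackProtect"): (1, 0),
    ("Tcpip\\Parameters", "EnableDeadGWDetect"): (0, 1),
}
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

def parse_reg_export(text):
    """Map lower-cased (subkey, value name) to the int of each hex DWORD under ROOT."""
    values, subkey, prefix = {}, None, ROOT.lower() + "\\"
    for line in map(str.strip, text.splitlines()):
        key = KEY_RE.match(line)
        if key:  # new [key] section; sections outside ROOT are ignored
            path = key.group(1).lower()
            subkey = path[len(prefix):] if path.startswith(prefix) else None
            continue
        dword = DWORD_RE.match(line)
        if dword and subkey is not None:
            values[(subkey, dword.group(1).lower())] = int(dword.group(2), 16)
    return values

def audit(text):
    """Return (name, effective value, recommended value, state) per deviation."""
    found, findings = parse_reg_export(text), []
    for (subkey, name), (want, default) in BASELINE.items():
        have = found.get((subkey.lower(), name.lower()))
        effective = default if have is None else have
        if effective != want:
            findings.append((name, effective, want, "absent" if have is None else "set"))
    return findings

# Constructed sample export (regedit writes UTF-16; decode before parsing).
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"SynAttackProtect"=dword:00000001
"EnablePMTUDiscovery"=dword:00000001
"KeepAliveTime"=dword:000493e0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt\Parameters]
"NoNameReleaseOnDemand"=dword:00000000
"""
if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```

Registry key and value names are case-insensitive, which is why both sides of the comparison are lower-cased.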

Troubleshooting

When you change the TCP/IP registry values, you may affect programs and services that are running on the Windows Server 2003-based computer. Microsoft recommends that you test these settings on nonproduction workstations and servers to confirm that they are compatible with your business environment.

???????

???? ???????: 324270 - ????? ??? ??????: 09/???/1432 - ??????: 1.1
Applies to
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Small Business Server 2003 Standard Edition
  • Microsoft Windows Small Business Server 2003 Premium Edition