Users experience delays in voice communications or in streaming video after you set the SynAttackProtect registry value in Windows 2000

Article ID: 891632 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

Users who connect to a server experience delays in voice communications or in streaming video. This symptom occurs when you configure a server for one of the following purposes:
  • Voice Over Internet Protocol (VoIP) communications
  • Streaming video
This symptom occurs if the following conditions are true:
  • The server is a Microsoft Windows 2000-based computer.
  • You previously set the SynAttackProtect registry value on this server to 2.
However, if you set the SynAttackProtect registry value to zero (0), users no longer experience these delays.

Note For more information about the SynAttackProtect registry value, see the "More Information" section.
Back to the top | Give Feedback

CAUSE

This problem occurs because the SynAttackProtect registry value is set to 2. Because of this setting, the following events occur:
  1. A service requests the Type of Service (TOS) flag for an initial TCP connection.
  2. Windows does not set the TOS flag on the initial TCP connection.
For example, consider the following scenario:
  1. You use Server A for voice data or for streaming video.
  2. You set the TOS flag to Critical in the IP header of every TCP packet that is sent from Server A.
  3. A client computer sends a TCP SYN packet to Server A.
  4. Server A tries to set the TOS flag to Critical on the ACK-SYN reply packet.
  5. If the SynAttackProtect registry value is set to 2 on Server A, Server A incorrectly sets the TOS flag to Normal on the initial TCP ACK-SYN reply packet.

    Note In this scenario, Server A should set the TOS flag to Critical on this initial TCP ACK-SYN packet.
  6. Subsequent packets from Server A have the TOS flag set correctly to Critical.
In this scenario, if you have a congested network, users may experience delays in VOIP communications or in streaming video communications. This delay occurs because the TOS flag is incorrectly set on the initial TCP connection.
Back to the top | Give Feedback

RESOLUTION

To resolve this problem, you must install security update 893066 on the computer.

Note Security update 893066 is described in security bulletin MS05-019. For more information about security bulletin MS05-019, click the following article number to view the article in the Microsoft Knowledge Base:
893066
(http://support.microsoft.com/kb/893066/ )
MS05-019: Vulnerabilities in TCP/IP could allow remote code execution and denial of service
Back to the top | Give Feedback

MORE INFORMATION

The SynAttackProtect registry value is located under the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
For more information about how to configure the SynAttackProtect registry value, see the Windows 2000 Security Hardening Guide. To obtain this guide, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?FamilyID=15E83186-A2C8-4C8F-A9D0-A0201F639A56&DisplayLang=en
(http://www.microsoft.com/downloads/details.aspx?FamilyID=15E83186-A2C8-4C8F-A9D0-A0201F639A56&DisplayLang=en)
Back to the top | Give Feedback

Properties

Article ID: 891632 - Last Review: October 30, 2006 - Revision: 2.1
APPLIES TO
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Advanced Server
Keywords: 
kbtshoot KB891632
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top