Users experience delays in voice communications or in streaming video after you set the SynAttackProtect registry value in Windows 2000

This article has been archived. It is offered "as is" and will no longer be updated.
SYMPTOMS
Users who connect to a server experience delays in voice communications or in streaming video. This symptom occurs when you configure a server for one of the following purposes:
  • Voice Over Internet Protocol (VoIP) communications
  • Streaming video
This symptom occurs if the following conditions are true:
  • The server is a Microsoft Windows 2000-based computer.
  • You previously set the SynAttackProtect registry value on this server to 2.
However, if you set the SynAttackProtect registry value to zero (0), users no longer experience these delays.

Note For more information about the SynAttackProtect registry value, see the "More Information" section.
CAUSE
This problem occurs because the SynAttackProtect registry value is set to 2. Because of this setting, the following events occur:
  1. A service requests the Type of Service (TOS) flag for an initial TCP connection.
  2. Windows does not set the TOS flag on the initial TCP connection.
For example, consider the following scenario:
  1. You use Server A for voice data or for streaming video.
  2. You set the TOS flag to Critical in the IP header of every TCP packet that is sent from Server A.
  3. A client computer sends a TCP SYN packet to Server A.
  4. Server A tries to set the TOS flag to Critical on the ACK-SYN reply packet.
  5. If the SynAttackProtect registry value is set to 2 on Server A, Server A incorrectly sets the TOS flag to Normal on the initial TCP ACK-SYN reply packet.

    Note In this scenario, Server A should set the TOS flag to Critical on this initial TCP ACK-SYN packet.
  6. Subsequent packets from Server A have the TOS flag set correctly to Critical.
In this scenario, if you have a congested network, users may experience delays in VOIP communications or in streaming video communications. This delay occurs because the TOS flag is incorrectly set on the initial TCP connection.
RESOLUTION
To resolve this problem, you must install security update 893066 on the computer.

Note Security update 893066 is described in security bulletin MS05-019. For more information about security bulletin MS05-019, click the following article number to view the article in the Microsoft Knowledge Base:
893066 MS05-019: Vulnerabilities in TCP/IP could allow remote code execution and denial of service
MORE INFORMATION
The SynAttackProtect registry value is located under the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
For more information about how to configure the SynAttackProtect registry value, see the Windows 2000 Security Hardening Guide. To obtain this guide, visit the following Microsoft Web site:
TOS byte, ACK_SYN, SYN_ACK
Properties

Article ID: 891632 - Last Review: 10/27/2013 07:06:27 - Revision: 2.1

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Advanced Server
  • kbnosurvey kbarchive kbtshoot KB891632
Feedback