SoFunction
Updated on 2025-04-09

Modify the registry to enhance Windows 2000 security

1. Set the time to live (TTL)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

DefaultTTL REG_DWORD 0-0xff (0-255 decimal, default value 128)

Description: Specifies the default Time To Live (TTL) value set in outgoing IP packets. The TTL bounds how long an IP packet may survive in the network before reaching its destination; in practice it is the number of routers the packet is allowed to pass through before being discarded. Because each operating system uses its own default, this value is sometimes used to fingerprint the remote host's operating system.

2. Prevent ICMP redirect packet attacks

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

EnableICMPRedirects REG_DWORD 0x0 (default value is 0x1)

Description: This parameter controls whether Windows 2000 changes its routing table in response to ICMP redirect messages sent to it by network devices such as routers; this behaviour is sometimes abused. The default value in Win2000 is 1, meaning it honours ICMP redirect messages.

3. Disable response to ICMP routing notification messages

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\interface (where interface is the subkey of the network interface concerned)

PerformRouterDiscovery REG_DWORD 0x0 (default value is 0x2)

Note: The ICMP router discovery (router advertisement) function can cause other computers' network connections to break, data to be eavesdropped on, and computers to be used for traffic attacks, among other serious consequences. This problem has caused large-scale, long-lasting network disruptions on certain LANs within campus networks, so it is recommended to turn off responses to ICMP router advertisement messages. The default value in Win2000 is 2, meaning router discovery is enabled when DHCP sends the router discovery option.

4. Prevent SYN flood attacks

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

SynAttackProtect REG_DWORD 0x2 (default value is 0x0)

Description: SYN attack protection reduces the number of SYN-ACK retransmissions, so the resources allocated to a half-open connection are held for less time, and it delays allocating the route cache entry until the connection is established. With SynAttackProtect=2, the connection indication to AFD (the Ancillary Function Driver) is also delayed until the three-way handshake has completed. Note that the protection mechanism only takes action once the TcpMaxHalfOpen and TcpMaxHalfOpenRetried thresholds are exceeded.

5. Prohibit default sharing of C$ and D$

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters

AutoShareServer REG_DWORD 0x0

6. Disable ADMIN$ default sharing

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters

AutoShareWks REG_DWORD 0x0

7. Restrict IPC$ default sharing

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

restrictanonymous REG_DWORD

0x0 Default

0x1 Anonymous users cannot enumerate the local user list

0x2 Anonymous users cannot connect to the local IPC$ share

Note: The value 2 is not recommended, because some of your services, such as SQL Server, may then fail to start.

8. Disable IGMP support

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

IGMPLevel REG_DWORD 0x0 (default value is 0x2)

Note: Recall that Win9x has a bug that lets IGMP be used to blue-screen other machines; modifying the registry fixes it. Win2000 does not have that bug, but IGMP is not needed, so it can still be disabled. After changing the value to 0, the annoying 224.0.0.0 entry no longer appears in the output of route print.

9. Set the ARP cache aging time

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

ArpCacheLife REG_DWORD 0-0xFFFFFFFF (seconds, default value is 120 seconds)

ArpCacheMinReferencedLife REG_DWORD 0-0xFFFFFFFF (seconds, default value is 600)

Note: If ArpCacheLife is greater than or equal to ArpCacheMinReferencedLife, both referenced and unreferenced ARP cache entries expire after ArpCacheLife seconds. If ArpCacheLife is less than ArpCacheMinReferencedLife, an unreferenced entry expires after ArpCacheLife seconds and a referenced entry after ArpCacheMinReferencedLife seconds; in other words, a referenced entry lives for the larger of the two values. An ARP cache entry counts as referenced each time an outbound packet is sent to its IP address.

10. Disable dead gateway detection

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

EnableDeadGWDetect REG_DWORD 0x0 (default value is 0x1)

Note: If multiple gateways are configured, the machine automatically switches to a backup gateway when it has difficulty with a number of connections. Sometimes this is not desirable, so it is recommended to disable dead gateway detection.

11. Disable the routing function

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

IPEnableRouter REG_DWORD 0x0 (default value is 0x0)

Note: Setting the value to 0x1 turns Win2000 into a router (IP forwarding), which brings unnecessary problems.

12. Maximum user port number, to be raised when doing NAT

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

MaxUserPort REG_DWORD 5000-65534 (decimal) (default value 0x1388, which is 5000 decimal)

Note: This parameter controls the highest port number handed out when an application asks the system for an available user port. Normally the short-lived (ephemeral) ports allocated are in the range 1024-5000. If the parameter is set outside the valid range, the closest valid value (5000 or 65534) is used. It is recommended to raise the value when using NAT.
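As an added example that is not part of this article, the following read-only PowerShell audit checks the values recommended in sections 2 through 8, 10 and 11 against what the registry actually holds and reports drift, or a value that was never set so the Windows default still applies (sections 1, 9 and 12 are tunables rather than fixed values and are left out). It uses the key paths and value names given above and assumes a Windows version that ships PowerShell (Windows 2000 itself does not, but the same keys exist on later versions).

```powershell
# Added example, not part of the original article: a read-only audit that compares
# the values the sections above recommend with what the registry actually holds.
# Run in an elevated PowerShell session; nothing is written.
$TcpipParams  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$LanmanParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters'
$LsaKey       = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Recommended values exactly as listed in the numbered sections above.
$Baseline = @(
    @{ Path = $TcpipParams;  Name = 'EnableICMPRedirects'; Expected = 0; Section = '2' }
    @{ Path = $TcpipParams;  Name = 'SynAttackProtect';    Expected = 2; Section = '4' }
    @{ Path = $LanmanParams; Name = 'AutoShareServer';     Expected = 0; Section = '5' }
    @{ Path = $LanmanParams; Name = 'AutoShareWks';        Expected = 0; Section = '6' }
    @{ Path = $LsaKey;       Name = 'RestrictAnonymous';   Expected = 1; Section = '7' }
    @{ Path = $TcpipParams;  Name = 'IGMPLevel';           Expected = 0; Section = '8' }
    @{ Path = $TcpipParams;  Name = 'EnableDeadGWDetect';  Expected = 0; Section = '10' }
    @{ Path = $TcpipParams;  Name = 'IPEnableRouter';      Expected = 0; Section = '11' }
)

function Get-RegistryDword {
    # Returns the value, or $null when the key or the value name does not exist.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Test-RegistryBaseline {
    param([array]$Rules)
    foreach ($rule in $Rules) {
        $actual = Get-RegistryDword -Path $rule.Path -Name $rule.Name
        if ($null -eq $actual) { $status = 'MISSING (Windows default applies)' }
        elseif ($actual -eq $rule.Expected) { $status = 'OK' }
        else { $status = 'DRIFT' }
        [pscustomobject]@{ Section = $rule.Section; Setting = $rule.Name;
                           Expected = $rule.Expected; Actual = $actual; Status = $status }
    }
}

# Section 3 is a per-interface value, so every subkey under Interfaces is checked.
function Test-RouterDiscovery {
    Get-ChildItem -LiteralPath "$TcpipParams\Interfaces" | ForEach-Object {
        $v = Get-RegistryDword -Path $_.PSPath -Name 'PerformRouterDiscovery'
        if ($v -eq 0) { $status = 'OK' } else { $status = 'DRIFT (default 2 if missing)' }
        [pscustomobject]@{ Interface = $_.PSChildName; PerformRouterDiscovery = $v; Status = $status }
    }
}

Test-RegistryBaseline -Rules $Baseline | Format-Table -AutoSize
Test-RouterDiscovery | Format-Table -AutoSize
```

A row reported as MISSING is not necessarily a finding, but it means the Windows default noted in the corresponding section, not the recommended value, is what the system is running with.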

13. Modify the MAC address

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\

In the right-hand pane, find the subkey whose description is the network adapter class, for example {4D36E972-E325-11CE-BFC1-08002BE10318}.

Expand it; the "DriverDesc" value in each of the numbered subkeys 0000, 0001, 0002, ... gives the description of a network card, for example "Intel(R) 82559 Fast Ethernet LAN on Motherboard". In the subkey for your card, create a new string value in the right-hand pane named "Networkaddress" whose data is the MAC address you want, written as 12 hexadecimal digits without separators, such as "004040404040". Then restart the computer and run ipconfig /all to check the result.