From: dwr3ckmailbox-fulldisclosure at yahoo.com (DWreck)
Subject: [Tool] HardTCP "Hardening TCP/IP" + SOURCE

Need to be careful when hardening the stack:
 

DefVal(8).Text = GetDWORDValue("HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters", "EnablePmtuDiscovery")
If DefVal(8).Text = "Error" Then DefVal(8).Text = "NP"
 
Disabling PMTU discovery sets the default MTU to 576 for all foreign networks.  In a properly segmented environment this setting can cause 3X the amount of packets sent between VLANs.


DefVal(11).Text = GetDWORDValue("HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters", "PerformRouterDiscovery")
If DefVal(11).Text = "Error" Then DefVal(11).Text = "NP"


Note:  Make sure IDRP is not in use in the client’s perimeter network.

Also, since the interface name changes whenever NICs are added/removed, keeping this edit in can be rough in large environments.

As for the rest, I've had 0 issues with the settings when implementing across 2000+ servers.



Thanks,

DWreck

CONFIDENTIALITY NOTICE: This e-mail and any attachments thereto may contain information which is privileged and confidential, and is intended for the sole use of the recipient(s) named above. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by persons other than the designated recipient(s) is strictly prohibited. If you have received this e-mail in error, please notify the sender either by telephone or by e-mail and delete the material from any computer. Thank you for your cooperation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040719/676ecf07/attachment.html

Powered by blists - more mailing lists