How to protect Microsoft Windows from SYN Flood attack
Edit the registry by adding the following values under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters.
Value Name                            Value (REG_DWORD)
------------------------------------  ------------------
SynAttackProtect                      2
TcpMaxPortsExhausted                  1
TcpMaxHalfOpen                        500
TcpMaxHalfOpenRetried                 400
TcpMaxConnectResponseRetransmissions  2
TcpMaxDataRetransmissions             2
EnablePMTUDiscovery                   0
KeepAliveTime                         300000 (5 minutes)
NoNameReleaseOnDemand                 1
Reference: http://msdn2.microsoft.com/en-us/library/aa302363.aspx
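One way to check a machine against the table above before changing anything, as an added PowerShell example that is not part of the original post. The function name Get-TcpipHardeningState and its -Apply switch are hypothetical; the values are the ones listed above, and the script avoids syntax newer than PowerShell 2.0.

```powershell
# Added example: Get-TcpipHardeningState and -Apply are hypothetical names.
$TcpipKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# Baseline copied from the table above (all REG_DWORD).
$Baseline = @{
    SynAttackProtect                     = 2
    TcpMaxPortsExhausted                 = 1
    TcpMaxHalfOpen                       = 500
    TcpMaxHalfOpenRetried                = 400
    TcpMaxConnectResponseRetransmissions = 2
    TcpMaxDataRetransmissions            = 2
    EnablePMTUDiscovery                  = 0
    KeepAliveTime                        = 300000   # milliseconds (5 minutes)
    NoNameReleaseOnDemand                = 1
}

function Get-TcpipHardeningState {
    param(
        [string]$Path = $TcpipKey,
        [hashtable]$Expected = $Baseline,
        [switch]$Apply      # also write missing or different values (needs elevation)
    )
    $current = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($name in ($Expected.Keys | Sort-Object)) {
        # A value that was never created has no property on the returned object.
        $prop   = $current.PSObject.Properties[$name]
        $actual = $null
        if ($null -ne $prop) { $actual = $prop.Value }

        if ($null -eq $actual) { $status = 'Missing' }
        elseif ($actual -eq $Expected[$name]) { $status = 'OK' }
        else { $status = 'Different' }

        if ($Apply -and $status -ne 'OK') {
            # -Force replaces an existing value, including one of the wrong type.
            New-ItemProperty -Path $Path -Name $name -PropertyType DWord `
                -Value $Expected[$name] -Force | Out-Null
            $status = "$status, now set"
        }
        New-Object PSObject -Property @{
            Name = $name; Expected = $Expected[$name]; Actual = $actual; Status = $status
        }
    }
}

# Report only. Use Get-TcpipHardeningState -Apply from an elevated prompt to write.
Get-TcpipHardeningState | Format-Table Name, Expected, Actual, Status -AutoSize
```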
Thursday, May 29, 2008
How to test your Antivirus program?
You may create a file with the EICAR (European Institute for Computer Antivirus Research) test string.
Here is the EICAR test string:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Copy and paste this string into a Notepad document, then click FILE > SAVE AS. Type .COM as the filename.
For more information, please refer to http://www.eicar.org/anti_virus_test_file.htm.
Wednesday, May 28, 2008
Check current tcp/ip connection for each program for Windows XP
Click Start - Run, Type CMD.exe.
Type netstat.exe -bv.
You can see the foreign address and port number each program is connecting to. By adding a space and a number, you can check the most up-to-date information: netstat then refreshes the output at that interval, in seconds.
netstat.exe -bv 5
Press Ctrl + C to cancel it.
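To review the result per program instead of reading the raw list, the output can be grouped by owning executable. This is an added PowerShell example, not part of the original post; ConvertFrom-NetstatB is a hypothetical helper and the sample text is constructed, using documentation address ranges.

```powershell
# Added example: ConvertFrom-NetstatB is a hypothetical helper.
# $sample is constructed for illustration, not a real capture.
$sample = @'
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.0.2.10:1034        198.51.100.7:80        ESTABLISHED     1234
  C:\WINDOWS\system32\WS2_32.dll
  [iexplore.exe]
  TCP    192.0.2.10:1041        203.0.113.25:443       ESTABLISHED     1234
  [iexplore.exe]
  TCP    192.0.2.10:1050        203.0.113.99:8080      SYN_SENT        2680
  [updater.exe]
  UDP    0.0.0.0:123            *:*                                    1012
  [svchost.exe]
'@ -split "`r?`n"

function ConvertFrom-NetstatB {
    param([string[]]$Lines)
    # Connection row: protocol, local, foreign, optional state, optional PID.
    $row  = '^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z_]+))?(?:\s+(\d+))?\s*$'
    $conn = $null
    foreach ($line in $Lines) {
        if ($line -match $row) {
            if ($null -ne $conn) { $conn }   # previous row had no [owner] line
            $conn = New-Object PSObject -Property @{
                Proto = $matches[1]; Local = $matches[2]; Foreign = $matches[3]
                State = $matches[4]; OwnerPid = $matches[5]; Program = '(unknown)'
            }
        } elseif ($null -ne $conn -and $line -match '^\s*\[(.+)\]\s*$') {
            # The [name.exe] line closes the record; module paths listed by -v are skipped.
            $conn.Program = $matches[1]
            $conn
            $conn = $null
        }
    }
    if ($null -ne $conn) { $conn }
}

# One line per program with the distinct remote endpoints it talks to.
ConvertFrom-NetstatB $sample | Group-Object Program | ForEach-Object {
    New-Object PSObject -Property @{
        Program = $_.Name
        Count   = $_.Count
        Foreign = ($_.Group | ForEach-Object { $_.Foreign } | Sort-Object -Unique) -join ', '
    }
} | Format-Table Program, Count, Foreign -AutoSize
```

For live data, pass the command output instead of the sample: `ConvertFrom-NetstatB (netstat.exe -bv)`.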
How to repair TCP/IP issue in Windows XP
How to repair TCP/IP network connectivity issue in Windows XP?
Unlike in Windows 2000, you cannot remove TCP/IP. If the TCP/IP stack is corrupted, you can reset the Internet Protocol (TCP/IP) stack, which rewrites its registry keys, by using the following command.
netsh int ip reset
Or you may use this link if you are using the US version of Windows XP.
http://support.microsoft.com/?scid=aw;en-us;299357&eula=1
Vista boot up sequence
The Vista boot up sequence is different from that of previous versions of Windows.
Here is how Windows Vista boots up.
Preboot:
1. POST routines run.
2. BIOS finds the boot device and loads and runs the MBR.
3. The MBR locates the active partition in the partition table, loads the boot sector into memory and runs it.
The files used to load 2000\XP in this sequence:
Ntldr, Boot.ini, Bootsect.dos (if you have Windows 9x), Ntdetect.com, Winnt\system32\Ntoskrnl.exe.
Boot:
1. Ntldr (NT Loader) is loaded and executed, and starts the mini file system drivers so that Windows can be loaded from a FAT or NTFS partition.
2. Ntldr reads boot.ini and presents the operating system selection. (If boot.ini is not found, it will attempt to load from the first partition of the first disk.)
3. If Windows 9x\Me is selected, Ntldr loads bootsect.dos.
If Windows 2000/XP is selected, Ntdetect.com performs hardware detection. Ntdetect.com detects bus/adapter type, comm ports, floating point processor, floppy, keyboard, mouse, parallel ports, SCSI and video cards, which are recorded in the registry HKLM\HARDWARE key.
4. After collecting hardware information, the Hardware Profiles menu is presented if there is more than one hardware profile.
5. Ntldr loads Winnt\System32\Ntoskrnl.exe, hal.dll (hardware abstraction layer) and the HKLM\SYSTEM key from winnt\system32\Config\System, and loads and initializes the device drivers in the control set that is used to initialize the computer. The load order of the device drivers is listed in HKLM\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder.
6. After successful initialization, a set of registry keys will be set in HKLM\HARDWARE. A copy of the ControlSet will be created in HKLM\System.
7. The kernel scans and loads the device drivers in HKLM\SYSTEM\CurrentControlSet\Services.
8. Session Manager (Smss.exe) executes the commands in the BootExecute data item and creates the paging file (via Memory Manager), the DOS device key, and the subsystems and services for Windows.
9. The Win32 subsystem starts Winlogon.exe, loads the Local Security Authority (Lsass.exe) and displays the login dialog box.
10. Service Controller makes a final scan and runs the services marked to run automatically in HKLM\SYSTEM\CurrentControlSet\Services.
11. After a successful logon, a copy of the control set is made to the LastKnownGood control set.
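The registry keys named in steps 5, 7, 8 and 10 decide what code runs before anyone logs on, so they are worth reviewing on a machine you are checking. The following is an added PowerShell example, not part of the original post; Get-BootPhaseEntry is a hypothetical name, and it assumes the standard Start values (0 = boot, 1 = system, 2 = automatic) and the Session Manager key as the location of BootExecute.

```powershell
# Added example: Get-BootPhaseEntry is a hypothetical name.
# Start values 0/1/2 are the standard boot/system/automatic start types,
# mapped here onto the step numbers used in the list above.
$cs    = 'HKLM:\SYSTEM\CurrentControlSet'
$phase = @{ 0 = 'Boot (step 5)'; 1 = 'System (step 7)'; 2 = 'Automatic (step 10)' }

function Get-BootPhaseEntry {
    # Group load order: REG_MULTI_SZ value "List" under ServiceGroupOrder.
    $groups = @((Get-ItemProperty "$cs\Control\ServiceGroupOrder").List)
    foreach ($key in Get-ChildItem "$cs\Services") {
        $p = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $p -or $null -eq $p.Start) { continue }
        $start = [int]$p.Start
        if (-not $phase.ContainsKey($start)) { continue }   # manual or disabled
        # Position of this entry's group in the load order (exact-case match);
        # entries without a listed group are sorted after all listed groups.
        $gi = [array]::IndexOf($groups, [string]$p.Group)
        if ($gi -lt 0) { $gi = [int]::MaxValue }
        New-Object PSObject -Property @{
            Phase      = $phase[$start]
            Start      = $start
            GroupIndex = $gi
            Group      = $p.Group
            Name       = $key.PSChildName
            ImagePath  = $p.ImagePath
        }
    }
}

# Drivers and services in the order the boot sequence reaches them.
Get-BootPhaseEntry | Sort-Object Start, GroupIndex, Name |
    Format-Table Phase, Group, Name, ImagePath -AutoSize

# Step 8: commands Session Manager (Smss.exe) runs from BootExecute.
(Get-ItemProperty "$cs\Control\Session Manager").BootExecute
```

Ordering inside a group (the per-driver Tag values) is not modelled here; entries within one group are simply sorted by name.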