The article "Security Considerations for Network Attacks" (http://www.microsoft.com/TechNet/security/dosrv.asp) published by Microsoft details best practices to protect Windows NT against denial of service attacks. It includes a number of recommended registry configurations to harden the network stack. One particular suggested setting, "SynAttackProtect", has been shown to render a Windows NT 4.0 system vulnerable to a remotely exploitable denial of service attack. In the document "Security Considerations for Network Attacks", it states that the value for REG_DWORD for the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters should be set to '2' rather than the default value of '0' in order to circumvent SYN attacks. However, when the value is configured as '2', Windows NT 4.0 will be vulnerable to a denial of service attack. If the CyberCop TCP Sequence Number Prediction attack (Module 13002) (or equivalent) is launched against a host with...
The article "Security Considerations for Network Attacks" (http://www.microsoft.com/TechNet/security/dosrv.asp) published by Microsoft details best practices to protect Windows NT against denial of service attacks. It includes a number of recommended registry configurations to harden the network stack. One particular suggested setting, "SynAttackProtect", has been shown to render a Windows NT 4.0 system vulnerable to a remotely exploitable denial of service attack. In the document "Security Considerations for Network Attacks", it states that the value for REG_DWORD for the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters should be set to '2' rather than the default value of '0' in order to circumvent SYN attacks. However, when the value is configured as '2', Windows NT 4.0 will be vulnerable to a denial of service attack. If the CyberCop TCP Sequence Number Prediction attack (Module 13002) (or equivalent) is launched against a host with this registry setting, it may crash requiring a reboot to regain system functionality. It is not exactly known what causes this to occur.
