
Author Topic: .reg files from XP  (Read 848 times)


Offline Kirce (Topic starter)

.reg files from XP
« on: June 21, 2012, 02:51:38 PM »
Hey there!

Here's the thing, long ago I got two .reg files from a friend, they have to do with tcp/ip and winsock thingies (I'm awful with this kind of stuff) and when I double clicked on them the changes were all automatically applied.

But... now I'm in Windows 7 and the files refuse to work! So... is it possible to convert these two files so that they work in Windows 7 the same way they did in the past with XP?

Help!

Online Vekseid

Re: .reg files from XP
« Reply #1 on: June 26, 2012, 04:23:43 AM »
They almost certainly aren't necessary in Windows 7/Vista, if they are what I think they are. A lot of XP's silly defaults were corrected in Vista, and I think some things aren't even possible to set anymore because some values are handled dynamically by your system.

Offline Kirce (Topic starter)

Re: .reg files from XP
« Reply #2 on: June 29, 2012, 05:38:23 AM »
Aw.. a pity, I asked my friend and (I'm writing now what she told me, which I don't understand) "Those were a number of measures that reinforced the tcp/ip and winsock protocols for increased security against DoS (?) and DDoS (?) attacks".

So that's what they were for! Unfortunately she had no idea on if they worked or not in Windows 7 so, meh!

Online Vekseid

Re: .reg files from XP
« Reply #3 on: June 29, 2012, 07:17:17 AM »
Quote
Aw.. a pity, I asked my friend and (I'm writing now what she told me, which I don't understand) "Those were a number of measures that reinforced the tcp/ip and winsock protocols for increased security against DoS (?) and DDoS (?) attacks".

So that's what they were for! Unfortunately she had no idea on if they worked or not in Windows 7 so, meh!

*blinks*

No, they weren't. -_-

Some people passed around RWIN (receive window) tweaks as .reg files, and this could slightly increase your download speeds in Windows XP; however, it is not needed as of Vista (and thus 7). There were also a few other minor tweaks, but none of these were necessary as of Vista.

Attacks against the network stack itself were generally not valid after Windows 2000 came out, and a registry patch isn't going to be sufficient to take care of the vulnerabilities that did exist - that took an actual firewall, or more frequently, a fix from Microsoft. And unless you are running a server of some sort, just having a router is about as good as you are generally going to get against denial-of-service attacks. If you are running a server, your best solution is an actual firewall and good server code/configuration.

Regardless, they're text files - open them up in Notepad and post them here if you want, and we can see what they are actually doing. : )

Offline Kirce (Topic starter)

Re: .reg files from XP
« Reply #4 on: June 29, 2012, 09:09:07 AM »
Sure! But I need translation! :)

Code:
' VBScript source code
' Created with Visual Studio.Net
' Ben Smith - Microsoft Corporation
' Microsoft Windows Security Resource Kit
' Registry script - TCP/IP Security Options for Windows 2000/Windows XP
' Version 1.1

'require variable declaration

option explicit

' declare variables

dim oShell

' main

set oShell = createobject("Wscript.shell")

'set TCP/IP security registry entries

oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect",0,"REG_DWORD"
oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect",2,"REG_DWORD"
oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxConnectResponseRetransmissions",2,"REG_DWORD"
oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TCPMaxHalfOpen",500,"REG_DWORD"
oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TCPMaxHalfOpenRetired",400,"REG_DWORD"
oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TCPMaxPortsExhausted",5,"REG_DWORD"
oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions",3,"REG_DWORD"
oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\EnableDeadGWDetect",0,"REG_DWORD"
oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUDiscovery",0,"REG_DWORD"
oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime",300000,"REG_DWORD"
oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting",2,"REG_DWORD"
oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\NoNameReleaseOnDemand",1,"REG_DWORD"
oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery",0,"REG_DWORD"

wscript.echo ("TCP/IP Security Options Set")

set oShell = nothing

Code:
' VBScript source code
' Created with Visual Studio.Net
' Ben Smith - Microsoft Corporation
' Microsoft Windows Security Resource Kit
' Registry script - Winsock Security Options for Windows 2000/Windows XP
' Version 1.1

'require variable declaration

option explicit

' declare variables

dim oShell

' main

set oShell = createobject("Wscript.shell")

'set winsock security registry entries

oShell.RegWrite "HKLM\System\CurrentControlSet\Services\AFD\Parameters\EnableDynamicBacklog",1,"REG_DWORD"
oShell.RegWrite "HKLM\System\CurrentControlSet\Services\AFD\Parameters\DynamicBacklogGrowthDelta",10,"REG_DWORD"
oShell.RegWrite "HKLM\System\CurrentControlSet\Services\AFD\Parameters\MinimumDynamicBacklog",20,"REG_DWORD"
oShell.RegWrite "HKLM\System\CurrentControlSet\Services\AFD\Parameters\MaximumDynamicBacklog",20000,"REG_DWORD"


wscript.echo ("Winsock Security Options Set")

set oShell = nothing

Online Vekseid

Re: .reg files from XP
« Reply #5 on: June 29, 2012, 10:37:40 AM »
Ahh, I guess some of these were valid for some versions of Windows XP.

All of these require that you have exposed incoming ports. If you don't (i.e. you're a typical person with a router) then

oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect",0,"REG_DWORD"

This disables ICMP redirects. Apparently already defaulted to disabled in Windows XP.

oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect",2,"REG_DWORD"

This attempts to correct for a common form of DoS attack known as 'SYN flooding'. A value of 2 isn't even valid for Windows XP, and 1 was the default eventually.

oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxConnectResponseRetransmissions",2,"REG_DWORD"

Number of attempts to retry an unanswered SYN-ACK response, for preventing SYN flooding. 2 has been the default for some time.

oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TCPMaxHalfOpen",500,"REG_DWORD"

How many half open connections to allow before SYN flood protection is turned on.

oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TCPMaxHalfOpenRetired",400,"REG_DWORD"

How many retired """""

According to Microsoft:
Quote
The SynAttackProtect, TcpMaxHalfOpen, and TcpMaxHalfOpenRetried registry entries are no longer used with Windows Vista and Windows Server 2008. The TCP/IP protocol suite implementation in Windows Vista and Windows Server 2008 was redesigned to provide improved performance and does not require manual modification of these registry entries.


oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TCPMaxPortsExhausted",5,"REG_DWORD"

If the system is somehow forced to refuse connection requests, how many before it turns on SYN attack protection. This should probably be included in the above as 'no longer applying at all'.

oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions",3,"REG_DWORD"

This just makes your computer more aggressively terminate connections that might be dead. 3 is okay. But again, assuming you're behind a router and you probably are, lowering this hurts you more than it helps you.

oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\EnableDeadGWDetect",0,"REG_DWORD"

This is only relevant if you have multiple gateways configured. Turning it off as you are trying to do here would mean that if one of your networks failed, it wouldn't automatically try to switch to another. I'm not sure why disabling this explicitly is supposed to be a 'good idea'.

oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUDiscovery",0,"REG_DWORD"

Whether or not Windows should attempt to discover the maximum packet size along a given path. It's no longer possible to trick Windows into setting this below 576 so this is pointless.

oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime",300000,"REG_DWORD"

By default, TCP connections have a rather ridiculous time-to-live, roughly five days according to spec, or three hours by MS's default - this sets it to five minutes (300,000 milliseconds). I actually set this lower for E's server, but again, it's my server - it's directly accessible by the rest of the world and it has to be. For most people, who are behind a hardware router of some sort, this hurts more than it helps, as it may drop potentially good connections.

oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting",2,"REG_DWORD"

Disables tolerating packet source spoofing... apparently this is still actually relevant in Windows 7. WTF. No harm in adding this manually, but again, your router will generally intercept this, not your PC.

oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\NoNameReleaseOnDemand",1,"REG_DWORD"

Only relevant if you're using WINS and NetBIOS, and running a network as such where you'd fear to be subjected to such attacks. I don't think I've seen WINS in over a decade, even in Microsoft shops. Microsoft itself suggests against this.

oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery",0,"REG_DWORD"

If you're really this paranoid, rather than ganking an important function of DHCP you should really just set your own static IP address.



oShell.RegWrite "HKLM\System\CurrentControlSet\Services\AFD\Parameters\EnableDynamicBacklog",1,"REG_DWORD"
oShell.RegWrite "HKLM\System\CurrentControlSet\Services\AFD\Parameters\DynamicBacklogGrowthDelta",10,"REG_DWORD"
oShell.RegWrite "HKLM\System\CurrentControlSet\Services\AFD\Parameters\MinimumDynamicBacklog",20,"REG_DWORD"
oShell.RegWrite "HKLM\System\CurrentControlSet\Services\AFD\Parameters\MaximumDynamicBacklog",20000,"REG_DWORD"

Dynamic SYN backlog settings for dealing with SYN flood attacks. Again, as of Vista, this gets managed automagically, these settings no longer do anything.
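
Added example, not part of the original thread or of the Resource Kit script: a small Python reviewer that lists what a WSH script's RegWrite calls would change before anyone runs it, and attaches the verdicts given in the reply above. The function names and the NOTES table are illustrative assumptions; the sample lines are copied from the posted scripts, plus one constructed comment line.

```python
import difflib
import re

# Constructed sample: RegWrite lines copied from the scripts posted in the thread,
# plus one commented-out line to show that VBScript comments are skipped.
SAMPLE = r'''
oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect",2,"REG_DWORD"
oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TCPMaxHalfOpen",500,"REG_DWORD"
oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TCPMaxHalfOpenRetired",400,"REG_DWORD"
oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting",2,"REG_DWORD"
oShell.RegWrite "HKLM\System\CurrentControlSet\Services\AFD\Parameters\MaximumDynamicBacklog",20000,"REG_DWORD"
' oShell.RegWrite "HKLM\Example\Constructed",1,"REG_DWORD"
'''

REGWRITE = re.compile(
    r'^\s*\w+\.RegWrite\s+"([^"]+)"\s*,\s*("[^"]*"|[^,\s]+)\s*,\s*"(REG_\w+)"', re.I)

# Notes summarising the thread's replies, keyed by lower-cased value name
# (registry value names are case-insensitive). Not an authoritative reference.
NOTES = {
    "synattackprotect": "unused as of Vista/Server 2008",
    "tcpmaxhalfopen": "unused as of Vista/Server 2008",
    "tcpmaxhalfopenretried": "unused as of Vista/Server 2008",
    "disableipsourcerouting": "described as still relevant on Windows 7",
}

def parse_regwrites(text):
    """Return one dict per executable RegWrite call; comment lines never match."""
    entries = []
    for line in text.splitlines():
        m = REGWRITE.match(line)
        if m:
            key, _, name = m.group(1).rpartition("\\")
            data = m.group(2)
            entries.append({"key": key, "name": name, "type": m.group(3),
                            "data": int(data) if data.isdigit() else data.strip('"')})
    return entries

def classify(entry):
    """Map an entry to the thread's verdict, flagging near-miss value names."""
    name = entry["name"].lower()
    if "\\afd\\" in entry["key"].lower():
        return "dynamic backlog, managed automatically as of Vista"
    if name in NOTES:
        return NOTES[name]
    near = difflib.get_close_matches(name, list(NOTES), n=1, cutoff=0.9)
    return f"name differs from '{near[0]}': check spelling" if near else "review by hand"

if __name__ == "__main__":
    for e in parse_regwrites(SAMPLE):
        print(f'{e["name"]:<24} {e["data"]:>6}  {classify(e)}')
```

The near-miss check flags that the posted script writes `TCPMaxHalfOpenRetired`, while the Microsoft text quoted in the reply names the value `TcpMaxHalfOpenRetried`.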

Offline Kirce (Topic starter)

Re: .reg files from XP
« Reply #6 on: July 12, 2012, 09:25:09 AM »
I'm sorry for the delayed reply but real life is keeping me too busy. Anyway, Vekseid I'm afraid that I'm barely understanding anything, it looks like it's too outdated in general? I'm using Windows 7 so as far as I understand by all that you explained... it's either fixed, outdated or irrelevant because it's done automagically in Windows 7, right? Well except for the one where you say... um... this one!

Quote
oShell.RegWrite "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting",2,"REG_DWORD"

Disables tolerating packet source spoofing... apparently this is still actually relevant in Windows 7. WTF. No harm in adding this manually, but again, your router will generally intercept this, not your PC.

And that's it? Although again, I have no idea on what it really means, I'm sorry!

Offline Psi

Re: .reg files from XP
« Reply #7 on: July 17, 2012, 04:38:39 AM »
Quote
I'm sorry for the delayed reply but real life is keeping me too busy. Anyway, Vekseid I'm afraid that I'm barely understanding anything, it looks like it's too outdated in general? I'm using Windows 7 so as far as I understand by all that you explained... it's either fixed, outdated or irrelevant because it's done automagically in Windows 7, right? Well except for the one where you say... um... this one!

And that's it? Although again, I have no idea on what it really means, I'm sorry!

Do you connect with an ADSL or cable modem? Or do you connect via a dial-up modem? If you connect via a modem, then this is still relevant. If you connect via the first two, then it doesn't matter :)

Offline Kirce (Topic starter)

Re: .reg files from XP
« Reply #8 on: August 06, 2012, 10:27:52 AM »
Usually through my phone or laptop if I'm at home but yeah, I think that it's ADSL in most, if not all, cases. But thanks! I guess that I can forget about those files now, I might just keep them around for the memories anyway, you never know! ;)