Slashdot Mirror

← Back to Domains

Domain: microsoft.com

Stories and comments across the archive that link to microsoft.com.

Comments · 34,132

Re:no huge surprise .. nokia is engineered to fail by shutdown+-p+now · 2012-04-27 18:21 · Score: 1 · on Samsung Passes Nokia As Biggest Handset Manufacturer

I don't understand all the screaming. I use VS11 on a daily basis using the dark theme.
Therein likely lies the problem. Monochrome is pretty decently looking in dark theme, especially since people who use it want to focus on the code in the first place in any case (and the point of monochrome is really to let you do that - let the editor be the focal point due to its syntax highlighting being the only blot of color in the IDE). But have you tried the light theme for any considerable period of time?

What's needed is a theme configuration tool. That way people can create whatever they want and I can have an elflord style colorscheme.
For VS2010, there was this. It doesn't do all, but at least it lets you change colors. Matthew said in a comment there that he'll try to find the time to update it for VS11 sometime after the release.

As a side-note: I've been impressed with how stable VS11 is (used dev preview now beta). My previous job we used 2005 targetting CF 2.0 for WinCE. It was was not very stable. We moved up to 2008 which was better but still crashed periodically. 2010 was out at the time but we weren't able to use it (no support for WinCE device deploy/debug IIRC.. at least at the time). VS11 has been quick and smooth.
As one of the guys who works on it (and especially the "smooth" part... I hope you do like the new background solution load experience!), I'm really glad to hear it. Just keep filing those bugs for when it's not stable, or when performance is not on par with what you'd expect in some specific scenario, or when you see something obviously silly in the UI - especially the new or revamped stuff (e.g. like this).
Re:no huge surprise .. nokia is engineered to fail by shutdown+-p+now · 2012-04-27 18:21 · Score: 1 · on Samsung Passes Nokia As Biggest Handset Manufacturer

I don't understand all the screaming. I use VS11 on a daily basis using the dark theme.
Therein likely lies the problem. Monochrome is pretty decently looking in dark theme, especially since people who use it want to focus on the code in the first place in any case (and the point of monochrome is really to let you do that - let the editor be the focal point due to its syntax highlighting being the only blot of color in the IDE). But have you tried the light theme for any considerable period of time?

What's needed is a theme configuration tool. That way people can create whatever they want and I can have an elflord style colorscheme.
For VS2010, there was this. It doesn't do all, but at least it lets you change colors. Matthew said in a comment there that he'll try to find the time to update it for VS11 sometime after the release.

As a side-note: I've been impressed with how stable VS11 is (used dev preview now beta). My previous job we used 2005 targetting CF 2.0 for WinCE. It was was not very stable. We moved up to 2008 which was better but still crashed periodically. 2010 was out at the time but we weren't able to use it (no support for WinCE device deploy/debug IIRC.. at least at the time). VS11 has been quick and smooth.
As one of the guys who works on it (and especially the "smooth" part... I hope you do like the new background solution load experience!), I'm really glad to hear it. Just keep filing those bugs for when it's not stable, or when performance is not on par with what you'd expect in some specific scenario, or when you see something obviously silly in the UI - especially the new or revamped stuff (e.g. like this).
Re:no huge surprise .. nokia is engineered to fail by shutdown+-p+now · 2012-04-27 18:21 · Score: 1 · on Samsung Passes Nokia As Biggest Handset Manufacturer

I don't understand all the screaming. I use VS11 on a daily basis using the dark theme.
Therein likely lies the problem. Monochrome is pretty decently looking in dark theme, especially since people who use it want to focus on the code in the first place in any case (and the point of monochrome is really to let you do that - let the editor be the focal point due to its syntax highlighting being the only blot of color in the IDE). But have you tried the light theme for any considerable period of time?

What's needed is a theme configuration tool. That way people can create whatever they want and I can have an elflord style colorscheme.
For VS2010, there was this. It doesn't do all, but at least it lets you change colors. Matthew said in a comment there that he'll try to find the time to update it for VS11 sometime after the release.

As a side-note: I've been impressed with how stable VS11 is (used dev preview now beta). My previous job we used 2005 targetting CF 2.0 for WinCE. It was was not very stable. We moved up to 2008 which was better but still crashed periodically. 2010 was out at the time but we weren't able to use it (no support for WinCE device deploy/debug IIRC.. at least at the time). VS11 has been quick and smooth.
As one of the guys who works on it (and especially the "smooth" part... I hope you do like the new background solution load experience!), I'm really glad to hear it. Just keep filing those bugs for when it's not stable, or when performance is not on par with what you'd expect in some specific scenario, or when you see something obviously silly in the UI - especially the new or revamped stuff (e.g. like this).
firmware rootkits: we're everywhere! muhahahaha by Anonymous Coward · 2012-04-27 14:46 · Score: -1, Offtopic · on Slackware: I'm Not Dead Yet!

Network Cards & PCI Cards Firmware: No protection or detection of rootkits / malware, & AMD CPU issue
# Designing and implementing malicious hardware
"Hidden malicious circuits provide an attacker with a stealthy attack vector. As they occupy a layer below the entire software stack, malicious circuits can bypass traditional defensive techniques. Yet current work on trojan circuits considers only simple attacks against the hardware itself, and straightforward defenses. More complex designs that attack the software are unexplored, as are the countermeasures an attacker may take to bypass proposed defenses.
We present the design and implementation of Illinois Malicious Processors (IMPs). There is a substantial design space in malicious circuitry; we show that an attacker, rather than designing one speciïc attack, can instead design hardware to support attacks. Such flexible hardware allows powerful, general purpose attacks, while remaining surprisingly low in the amount of additional hardware. We show two such hardware designs, and implement them in a real system. Further, we show three powerful attacks using this hardware, including a login backdoor that gives an attacker complete and highlevel access to the machine. This login attack requires only 1341 additional gates: gates that can be used for other attacks as well. Malicious processors are more practical, more ïexible, and harder to detect than an initial analysis would suggest."
https://db.usenix.org/event/leet08/tech/full_papers/king/king_html/
# Attacking network cards
"I've reached my goal of writing a totally transparent firewall bypass engine for those firewalls which are PC-based: you simply overwrite the firmware in both NICs and then perform PCI-to-PCI transfers between the two cards for suitably formatted IP packets (modern NICs have IP "offload engines" in hardware and therefore can trigger on incoming and outgoing packets). The resulting "Jedi Packet Trick" (sorry, couldn't resist) fools, amongst others, CheckPoint FW-1, Linux-based Strongwall, etc. This is of course obvious as none of them check PCI-to-PCI transfers. "
https://lwn.net/Articles/284162/
http://www.links.org/?p=330
# 'Super-secret' debugger discovered in AMD CPUs
# Password-protected feature goes beyond x86
http://www.theregister.co.uk/2010/11/15/amd_secret_debugger/
# Super-secret debug capabilities of AMD processors !
http://www.woodmann.com/collaborative/knowledge/index.php/Super-secret_debug_capabilities_of_AMD_processors_!
# Hidden Debug Mode Found In AMD Processors
http://hardware.slashdot.org/story/10/11/12/047243/Hidden-Debug-Mode-Found-In-AMD-Processors
# A microcode reliability update is available that improves the reliability of systems that use Intel processors
http://support.microsoft.com/kb/936357
# Google: attacking network cards malware, PCI rootkit, PCI rootkits, rootkit firmware, etc.
Smell this by Anonymous Coward · 2012-04-27 11:16 · Score: -1 · on Sun's Twin Discovered — the Perfect SETI Target?

Network Cards & PCI Cards Firmware: No protection or detection of rootkits / malware, & AMD CPU issue
# Designing and implementing malicious hardware
"Hidden malicious circuits provide an attacker with a stealthy attack vector. As they occupy a layer below the entire software stack, malicious circuits can bypass traditional defensive techniques. Yet current work on trojan circuits considers only simple attacks against the hardware itself, and straightforward defenses. More complex designs that attack the software are unexplored, as are the countermeasures an attacker may take to bypass proposed defenses.
We present the design and implementation of Illinois Malicious Processors (IMPs). There is a substantial design space in malicious circuitry; we show that an attacker, rather than designing one speciïc attack, can instead design hardware to support attacks. Such ïexible hardware allows powerful, general purpose attacks, while remaining surprisingly low in the amount of additional hardware. We show two such hardware designs, and implement them in a real system. Further, we show three powerful attacks using this hardware, including a login backdoor that gives an attacker complete and highlevel access to the machine. This login attack requires only 1341 additional gates: gates that can be used for other attacks as well. Malicious processors are more practical, more ïexible, and harder to detect than an initial analysis would suggest."
https://db.usenix.org/event/leet08/tech/full_papers/king/king_html/
# Attacking network cards
"I've reached my goal of writing a totally transparent firewall bypass engine for those firewalls which are PC-based: you simply overwrite the firmware in both NICs and then perform PCI-to-PCI transfers between the two cards for suitably formatted IP packets (modern NICs have IP "offload engines" in hardware and therefore can trigger on incoming and outgoing packets). The resulting "Jedi Packet Trick" (sorry, couldn't resist) fools, amongst others, CheckPoint FW-1, Linux-based Strongwall, etc. This is of course obvious as none of them check PCI-to-PCI transfers. "
https://lwn.net/Articles/284162/
http://www.links.org/?p=330
# 'Super-secret' debugger discovered in AMD CPUs
# Password-protected feature goes beyond x86
http://www.theregister.co.uk/2010/11/15/amd_secret_debugger/
# Super-secret debug capabilities of AMD processors !
http://www.woodmann.com/collaborative/knowledge/index.php/Super-secret_debug_capabilities_of_AMD_processors_!
# Hidden Debug Mode Found In AMD Processors
http://hardware.slashdot.org/story/10/11/12/047243/Hidden-Debug-Mode-Found-In-AMD-Processors
# A microcode reliability update is available that improves the reliability of systems that use Intel processors
http://support.microsoft.com/kb/936357
# Google: attacking network cards malware, PCI rootkit, PCI rootkits, rootkit firmware, etc.
Re:Who wouldn't want Bing? by symbolset · 2012-04-26 17:04 · Score: 4, Interesting · on NY Times: Microsoft Tried To Unload Bing On Facebook

You think that's bad? Try being the boss of Windows HPC. That guy fell of the Top500 entirely. No joke, the last Windows cluster in the Top500, ShanghaiSupercomputing Center's Dawning 5000A went SLES10 and now there is not even one. He must be so lonely.
Re:And not a single by Anonymous Coward · 2012-04-26 06:47 · Score: 2, Interesting · on Steve Jobs' Idea For an Ad-Supported OS

Man Jobs was worse than I thought. Not even M$ would do this.
Yes, Microsoft would never foist ad-supported software on its users
On the other hand, Apple has been foisting this on...well, nobody, since they decided not to go ahead with it.
Re:that will be a death note to enterprise use by DigiShaman · 2012-04-25 18:14 · Score: 1 · on Microsoft's Hotmail Challenge Backfires

It should be worth noting that linking an online account with a local OS account is nothing new. It first started with Window XP letting users link to a Hotmail account via MS Passport. The most notable feature was a count (often buggy BTW) of how many unread messages were left at the Windows XP logon screen.
To this day, Windows 7 does the same thing, only with a Live ID account. Things like opening up MSN Messenger become transparent as you're automatically authenticated. If you want to do this, follow the path of --> Control Panel\User Accounts and Family Safety\User Accounts\Link Online IDs
http://windows.microsoft.com/en-US/windows7/online-id-providers
Re:weak password by icebraining · 2012-04-25 11:32 · Score: 1 · on Microsoft's Hotmail Challenge Backfires

That attack hasn't worked in ages. You can load an iframe with the Hotmail page, but you can't use the script to activate anything in the iframe if the domain is different from the top page.
http://msdn.microsoft.com/en-us/library/ms533028(v=vs.85).aspx
Re:Well, kinda. There is flawed reasoning here. by Anonymous Coward · 2012-04-25 08:54 · Score: 0 · on Microsoft Says Two Basic Security Steps Might Have Stopped Conficker

The assumption here is that an attacker choosing the easiest way has no other route
No. That is YOUR assumption. Nobody has ever claimed that.

Microsoft seems to think the authors would have stopped looking without finding an exploit route. Instead, they found one, and stopped looking.
Where do they say that? Other than the thoughts rattling inside your mind, noone inside microsoft has ever said that or anything even close to that.
I know this is slashdot and facts are only slightly relevant to make way for MS bashing, but what they said can be factually tested.
Patch to fix bug used by Conficker. October 23 2008
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
Conficker started spreading in Late November. Gee.. its almost like they reverse engineered the patch to see what bug was patched and then created an exploit for it.
http://www.theregister.co.uk/2009/01/19/conficker_worm_feed/
Re:having to change passwords all the time leads t by clarkn0va · 2012-04-25 08:07 · Score: 1 · on Microsoft Says Two Basic Security Steps Might Have Stopped Conficker

And MS knew that.
Re:Patching existing vulnerabilities by Anonymous Coward · 2012-04-25 07:48 · Score: 0 · on Microsoft Says Two Basic Security Steps Might Have Stopped Conficker

From what I know, conficker exploited MS08-067 . This is a critical exploit in Server service in Windows which allows remote code execution; weak passwords maybe contributed but I'm sure it wasn't a primary factor in conficker spread, otherwise we would have a lot of worms infecting hundreds of thousands using this method.
Just because you have systems frozen in time you shouldn't just leave them connected to the network; implement additional controls: stop all the non-essential network listening services running on the system (especially Server service), and implement a strict firewall to the system.
VB's H/W Req's a "5400 RPM Hard Drive" :MS by ivi · 2012-04-24 16:20 · Score: 1 · on C/C++ Back On Top of the Programming Heap?

When did Micrsoft begin to specify - as a System Requirement for its software - the rotational speed of one's hard drive(s), ie, as it does - quite explicitly - here:
+ http://www.microsoft.com/visualstudio/en-us/products/2010-editions/visual-basic-express/system-requirements
?
If it's spinning a bit more slowly, the user waits a bit longer... Right?
Re:Buffer overflow by stewartjm · 2012-04-24 15:25 · Score: 1 · on C/C++ Back On Top of the Programming Heap?

Actually, things are advanced to the point where with very rare exception a human writing assembly is almost certainly not going to produce the optimal approach anymore.
Compilers are in general horrible at getting anywhere near full throughput out of the SIMD instructions on modern CPUs. At least partially because the languages don't provide data types and operators that map well to how the SIMD instructions work. For most tight number crunching loops, you'll be lucky if straight forward, compiled code is achieving even 25% of the throughput that the CPU is capable of. To achieve full throughput, you'll need to understand the SIMD architecture, and hand roll some assembly language or C/C++ code using SIMD intrinsics.

However, for most programs, it's usually not worth the time, effort, and "brittleness" of the resulting code.
Re:SkyDrive REST apis by DragonWriter · 2012-04-24 12:07 · Score: 4, Informative · on Google Drive Goes Live

SkyDrive has a bunch of REST apis you can use that don't require installing any client software: http://msdn.microsoft.com/en-us/library/live/hh243648.aspx
So does Google Drive. https://developers.google.com/drive/v1/reference/
Re:SkyDrive + Dropbox = Even better by WolfgangPG · 2012-04-24 06:10 · Score: 4, Informative · on Google Drive Goes Live

This is all out of date as of yesterday. Max file size sync has changed, etc... Please keep up!

Skydrive offers 7GB for Free, Google Drive offers 5GB. Sky Drive offers a max of 100GB of Paid Storage, Google Drive offers 16TB of paid storage.

http://blogs.msdn.com/b/b8/archive/2012/04/23/the-next-chapter-for-skydrive-personal-cloud-storage-for-windows-available-anywhere.aspx
https://apps.live.com/skydrive

They need to update their Google compare: http://windows.microsoft.com/en-us/skydrive/compare
Make sure you keep up with the news :)
I Hope The Sanctions Target ( Score: +5, Perfect ) by Anonymous Coward · 2012-04-23 10:01 · Score: 0 · on New Sanctions To Target Syrian and Iranian Tech Capacity

Microsoft Craporation for enabling the repressive technologies.
Yours In Minsk,
K. Trout
Oh, on JAY LITTLE too? by Anonymous Coward · 2012-04-23 09:42 · Score: 0 · on Anonymous, People's Liberation Front Build Anonymous Data-Sharing Site

LMAO - he got DUSTED by me @ Windows IT Pro on Exchange Server http://www.windowsitpro.com/article/internals-and-architecture/the-memory-optimization-hoax
PERTINENT QUOTE:
"*******
XADM: The Extensible Storage Engine Database Engine Contributes to Virtual Memory Fragmentation Exchange 2000 Server, like many large scale programs, may experience virtual memory (VM) fragmentation. Over time, the server may not perform well, & you may not be able to mount storage groups because of VM fragmentation.
http://support.microsoft.com/default.aspx?scid=kb;en-us;324118
XADM: You Experience Excessive Virtual Memory Fragmentation on a Heavily Loaded Exchange Server Your Microsoft Exchange 2000 Server computer may experience virtual memory fragmentation at a much greater frequency than you expect. As a result, you may have to restart the Exchange 2000 computer more frequently than you expect.
http://support.microsoft.com/default.aspx?scid=kb;en-us;828934
----"
Which Jay Little claimed he was "expert" on, & when I proved he was wrong on that much!
(And yes, even Dr. Mark Russinovich and on more than just this - in the end, Microsoft HAD TO BACK DOWN on "dedicate all free RAM to cache" in VISTA, now didn't they? Yes, they did, lol!)
He can't handle he was WRONG publicly in front of millions of readers!
I.E.-> On how memory optimization tech can unfreeze/unhalt frozen exchange servers & using Microsoft's OWN DOCUMENTATION TO PROVE IT!
(Some "exchange expert", eh? Not... that happens, due to memory fragmenation, which after a memory optimizer runs, the memory mgt. subsystem will reload the data from pagefile.sys into CONTIGUOUS BLOCKS, stopping that from happening...)
Funniest part is, Microsoft's OWN TOOL, clearmem.exe, which functions the same as a GUI memory optimizer, was the tool noted to do it!
LOL!
You had better find "better experts" to refer to... lol!
Jay Little, after THAT? He ran... well, not until he tried trolling me on another website NTCompatible.com & I blew him away on SSD/Ramdisks, and IRQL_NOT_LESS_THAN_OR_EQUAL_TO stopcode on BSODs... that means either a driver or hardware failure.. he blew it on THAT too!
3 in a row... again, find better "experts" to troll me with, because thusfar, after you avoided questions I asked in my post you first replied to here -> http://yro.slashdot.org/comments.pl?sid=2802947&cid=39771369 because your avoding them only shows that you are NOT very "expert" in the computer sciences @ all yourself!
Jay Little also got his website removed from his then hosting provider CrystalTech.com for making death threats to myself, and libeling me also... They told me he would just do it again, & he has...
The mark of FAIL online? Is not admitting what the REAL STORY IS, and fatboy Jay Little doesn't do THAT does he?? Nope.
You're not doing very well (piss poor is more like it, lol) - find better "experts" to go @ me with, because so far for you, it's been one HUGE "fail"...
APK
P.S.=> After Jay Little came into those forums trolling myself , along with Jeremy Reimer, another "fake-it-till-you-make-it" degreeless in the computer sciences moron who was:
1.) Off-topic the entire time trolling
2.) Libelled myself making 'songs' & edited 'pictures' of me
3.) Email harassed me repeatedly, and was put on a tracking ticket for email harassment by his ISP Shaw of Canada
4.) Impersonated myself on his website too
Then. a Detective Felton of the Vancouver British Columbia police force got wind of it? Reimer PROMPTLY stopped!
Reimer, like
Oh, on JAY LITTLE too? by Anonymous Coward · 2012-04-23 09:42 · Score: 0 · on Anonymous, People's Liberation Front Build Anonymous Data-Sharing Site

LMAO - he got DUSTED by me @ Windows IT Pro on Exchange Server http://www.windowsitpro.com/article/internals-and-architecture/the-memory-optimization-hoax
PERTINENT QUOTE:
"*******
XADM: The Extensible Storage Engine Database Engine Contributes to Virtual Memory Fragmentation Exchange 2000 Server, like many large scale programs, may experience virtual memory (VM) fragmentation. Over time, the server may not perform well, & you may not be able to mount storage groups because of VM fragmentation.
http://support.microsoft.com/default.aspx?scid=kb;en-us;324118
XADM: You Experience Excessive Virtual Memory Fragmentation on a Heavily Loaded Exchange Server Your Microsoft Exchange 2000 Server computer may experience virtual memory fragmentation at a much greater frequency than you expect. As a result, you may have to restart the Exchange 2000 computer more frequently than you expect.
http://support.microsoft.com/default.aspx?scid=kb;en-us;828934
----"
Which Jay Little claimed he was "expert" on, & when I proved he was wrong on that much!
(And yes, even Dr. Mark Russinovich and on more than just this - in the end, Microsoft HAD TO BACK DOWN on "dedicate all free RAM to cache" in VISTA, now didn't they? Yes, they did, lol!)
He can't handle he was WRONG publicly in front of millions of readers!
I.E.-> On how memory optimization tech can unfreeze/unhalt frozen exchange servers & using Microsoft's OWN DOCUMENTATION TO PROVE IT!
(Some "exchange expert", eh? Not... that happens, due to memory fragmenation, which after a memory optimizer runs, the memory mgt. subsystem will reload the data from pagefile.sys into CONTIGUOUS BLOCKS, stopping that from happening...)
Funniest part is, Microsoft's OWN TOOL, clearmem.exe, which functions the same as a GUI memory optimizer, was the tool noted to do it!
LOL!
You had better find "better experts" to refer to... lol!
Jay Little, after THAT? He ran... well, not until he tried trolling me on another website NTCompatible.com & I blew him away on SSD/Ramdisks, and IRQL_NOT_LESS_THAN_OR_EQUAL_TO stopcode on BSODs... that means either a driver or hardware failure.. he blew it on THAT too!
3 in a row... again, find better "experts" to troll me with, because thusfar, after you avoided questions I asked in my post you first replied to here -> http://yro.slashdot.org/comments.pl?sid=2802947&cid=39771369 because your avoding them only shows that you are NOT very "expert" in the computer sciences @ all yourself!
Jay Little also got his website removed from his then hosting provider CrystalTech.com for making death threats to myself, and libeling me also... They told me he would just do it again, & he has...
The mark of FAIL online? Is not admitting what the REAL STORY IS, and fatboy Jay Little doesn't do THAT does he?? Nope.
You're not doing very well (piss poor is more like it, lol) - find better "experts" to go @ me with, because so far for you, it's been one HUGE "fail"...
APK
P.S.=> After Jay Little came into those forums trolling myself , along with Jeremy Reimer, another "fake-it-till-you-make-it" degreeless in the computer sciences moron who was:
1.) Off-topic the entire time trolling
2.) Libelled myself making 'songs' & edited 'pictures' of me
3.) Email harassed me repeatedly, and was put on a tracking ticket for email harassment by his ISP Shaw of Canada
4.) Impersonated myself on his website too
Then. a Detective Felton of the Vancouver British Columbia police force got wind of it? Reimer PROMPTLY stopped!
Reimer, like
Re:Too bad if you actually want to receive calls by gl4ss · 2012-04-23 05:55 · Score: 1 · on Skype Finally Arrives On Microsoft Phones

You misunderstand or misapprehend. There DO exist APIs to perform background tasks as necessary (such as completing a download even though the user switched away, or continuing music playback). It IS the case that the DEFAULT behavior is to suspend. It is ALSO the case that apps may request, via specific APIs, some specific background functionality.
This is really little different from iOS.
ah that's the impression only until you try to implement something with them. here, take a look: http://msdn.microsoft.com/en-us/library/hh202942(v=vs.92).aspx
oh and no xna.* from bg tasks(yes there's a pretty common use case why you would want that..).
sure, there's also a bunch of api's you could use but if you use them you can't publish to market.
it's really different from iOS and totally different from android and just shit way of doing compared to symbian.
Has Rose-Hulman gone Mac since I graduated? by tepples · 2012-04-22 11:33 · Score: 1 · on The Artificial Life of the App Store

Been to any technical conferences or colleges lately?
Not lately, but when I attended Rose-Hulman, I don't think I saw more than six Macs in dorms. Every student had the school-issued laptop, and it ran Windows.

Now you are making up $200 out of thin air.
MSRP for Windows 7 retail. (The OEM version isn't for Macs.)
Re:Apple didn't issue fix 10.5, 16.5% of it's user by Anonymous Coward · 2012-04-20 22:37 · Score: 0 · on A Week After Apple's Fix, Flashback Still Infects Half a Million Macs

I haven't seen any in years.
Today at Woot Sellout section, they're offering 1.8ghz Dell desktops with WinXP for around $125. Two gig of RAM, too!
OEM licenses for XP are not legal to be sold after June 2008. If Woot is selling you software that is 4 years out of date, your beef is with Woot not Microsoft.
There was a further extension for starter edition for netbooks and developing markets to June 2010, but that is not the machine you are describing.
OFV makes non MS-origin docs unusable w/ MS apps by Anonymous Coward · 2012-04-19 23:12 · Score: 1 · on 12 Ways LibreOffice Writer Tops MS Word

Basically a canonical example of FUD: "If it's not from MS, don't trust it!".
You can explain to your Client or your Dad that "This is OK; I'm using LibreOffice". Explain to them the concept of FUD and how they're being made fools of by MS.
And if they choose to understand, it still won't matter. "Office said it's dangerous; I'm not putting it on my computer, and I don't have time to listen to you."
"Office File Validation is used to validate that Binary File Format files conform to the Microsoft Office File Format. The user will be notified of possible security risks if files fail to conform to the format."
To demonstrate...
Create or edit a document with a non-MS editor and save it in a MSOffice format e.g. .doc, .xls.
Now, try to open it in MSOffice 2010+ (or office 2003/2007 with the addin)
Depending on your configuration, you will see one of two messages:
“Office File Validation detected a problem while trying to open this file. Opening it may be dangerous”
“Office has detected a problem with this file. To help protect your computer this file cannot be opened.”
OFV makes non MS-origin docs unusable w/ MS apps by Anonymous Coward · 2012-04-19 23:12 · Score: 1 · on 12 Ways LibreOffice Writer Tops MS Word

Basically a canonical example of FUD: "If it's not from MS, don't trust it!".
You can explain to your Client or your Dad that "This is OK; I'm using LibreOffice". Explain to them the concept of FUD and how they're being made fools of by MS.
And if they choose to understand, it still won't matter. "Office said it's dangerous; I'm not putting it on my computer, and I don't have time to listen to you."
"Office File Validation is used to validate that Binary File Format files conform to the Microsoft Office File Format. The user will be notified of possible security risks if files fail to conform to the format."
To demonstrate...
Create or edit a document with a non-MS editor and save it in a MSOffice format e.g. .doc, .xls.
Now, try to open it in MSOffice 2010+ (or office 2003/2007 with the addin)
Depending on your configuration, you will see one of two messages:
“Office File Validation detected a problem while trying to open this file. Opening it may be dangerous”
“Office has detected a problem with this file. To help protect your computer this file cannot be opened.”
Re:Not necessiarly by shutdown+-p+now · 2012-04-19 19:49 · Score: 1 · on Neal Stephenson Takes Blame For Innovation Failure

Last time, you nearly had me convinced that Microsoft is too busy doing other things, and we should excuse them for their failure to implement C99 (or all of C++).
But have you SEEN what the Visual Studio team has been working on with 11? That god-forsaken UI is the ugliest thing I've seen since Motif. And at least with Motif you always knew where one button started and one button ended. ... If THAT is their excuse for not implementing C99, may they burn in hell. Or at least their project managers.
Well, it's not like there is a single monolithic "VS team". There are many different teams doing different things, and, most certainly, it's not the C++ team doing the new theme in VS11. In fact, even for the team that does (which would be VS Platform team, and more specifically Shell), most of the work is done by designers - there isn't much dev time spent there. And devs are not easily swappable, either - C++ team is, of course, mostly writing in C++, and they don't really care about much else; while theming work is 99% WPF/C#.
And yes, as far as the theme itself goes, I agree that it's ugly, and it's not like it's even "Metro" (which was the original excuse). Don't ask me how this got through dogfooding, either - I'm too bitter about that to be objective.
Well, at least the people responsible know about that by now... so it's not the end of that story yet.

Furthermore, some projects break when you try to import them from VS2010.

If a VS10 project fails to open in VS11, that's almost certainly a bug. If you have a LiveID or don't mind creating it, file it. If you'd rather not mess with LiveID, I can file it on your behalf.
Re:LaTeX by Gadget_Guy · 2012-04-19 12:48 · Score: 1 · on 12 Ways LibreOffice Writer Tops MS Word

Except if you want more than 255 columns. The Excel blows and Calc rocks.
Sure, in a 10 year old version of Excel. In one from 5 years ago, the column limit is 16,384. I guess the increase came with the 2007 file format.
Re:LaTeX by Gadget_Guy · 2012-04-19 12:48 · Score: 1 · on 12 Ways LibreOffice Writer Tops MS Word

Except if you want more than 255 columns. The Excel blows and Calc rocks.
Sure, in a 10 year old version of Excel. In one from 5 years ago, the column limit is 16,384. I guess the increase came with the 2007 file format.
Re:Am I the only one in the world that likes Ribbo by shutdown+-p+now · 2012-04-19 09:23 · Score: 1 · on 12 Ways LibreOffice Writer Tops MS Word

It's actually one feature that I'm surprised is not pervasive yet. Search over all commands in the application is extremely useful, especially for the more complicated suites like Office or VS.
It's slowly trickling down elsewhere - e.g. we've added something like it in VS11 (with more filtering features, but that's feasible because it's a product for developers who can handle and appreciate that complexity), and, I believe, most Java IDEs have had similar for a while now. But why not e.g. add it to the standard Win32 menu control? Or, in frameworks which have UI actions as first-class entities regardless of their placement (e.g. WPF commands, or Qt actions), provide a stock widget to search through all actions available in the current context.
Re:True choice by bartoku · 2012-04-18 17:50 · Score: 1 · on Operators: Nokia Would Sell Better With Android

No inside info here sorry.

I did not know the Microsoft deal had the precondition to dump Meego/Tizen, I figured it just had the precondition to produce a WP7 phone.

But I do not think the rumors of two new Nokia MeeGo phones would persist at all if Nokia had the precondition to dump Meego; although it appears the rumored phones will at best have the MeeGo GUI and run S40.

A little Google searching on the topic does not reveal any such agreement to abandon Meego, at most Nokia agreed to make Windows Phone its primary platform, do you have a sources to clarify that Nokia has to kill all in house MeeGo development? I hope I have not missed something: paidCOntent, Telegraph, CNet, The Next Web, Microsoft.

But I am sure that it is wishful thinking to think that Nokia will drop Windows Phone and get back behind MeeGo in full force any time soon, if ever...
handy IPv6 factoids by Anomalyst · 2012-04-17 09:33 · Score: 1 · on Apple Under Fire For Backing Off IPv6 Support

# http://technet.microsoft.com/en-us/library/cc783049(v=ws.10).aspx # default site local (FEC0) DNS server anycast addresses are: # FEC0:0:0:FFFF::1 # FEC0:0:0:FFFF::2 # FEC0:0:0:FFFF::3 # # IPv6 Host Address Block prefix #sorry for the obfuscation, stupid /. filters #XXXusingfwewerjunkcharactersusingfewerju-1 #-usingfewr-1-aa-3-bb-4-cc-6-dd-8-ee-9-ff-1 #-usingfewr-6-ee-2-ff-8-gg-4-hh-0-ii-6-jj-2 V6HABP=FDFD:DEAD:BEEF:CAFE:DEAD:BEEF:CAFE:0::
Re:Files are not the best representation of code.. by godefroi · 2012-04-16 01:39 · Score: 5, Interesting · on Light Table: A New Spin on the IDE

You mean, like Code Canvas?
http://research.microsoft.com/en-us/projects/codecanvas/
Fix Available by Frankie70 · 2012-04-14 11:27 · Score: 5, Funny · on New Targeted Mac OS X Trojan Requires No User Interaction

Fix available here.
Re:Possible languages to choose from by sttlmark · 2012-04-12 08:25 · Score: 1 · on Ask Slashdot: Best Book For 11-Year-Old Who Wants To Teach Himself To Program?

If you go the MS route, I'd suggest that he gets his feet wet in Microsoft's Small Basic rather than dive into C#:
http://msdn.microsoft.com/en-us/beginner/ff384126.aspx
Small Basic is a simple QBasic-inspired language that runs in the .NET CLR that's designed with kids in mind, right down to the non-threatening IDE. The site points you to a decent curriculum and community, too. It's very friendly and has a low barrier to entry--he can start making his programs do interesting things almost immediately.
Re:Y2K all over again by LinuxIsGarbage · 2012-04-12 08:03 · Score: 2 · on Data Center Staff Will Sleep Among the Racks For London Olympics

I think you could even keep a Windows 95 machine running for a month.
But certainly not 49.8 days!
http://support.microsoft.com/kb/216641
Re:Just wondering about activation by LinuxIsGarbage · 2012-04-12 07:56 · Score: 2 · on End of Windows XP Support Era Signals Beginning of Security Nightmare

As a case study, at the end of it's life "Money Plus" had activation bits removed and Microsoft released a "Sunset" version which did not require activation:
http://www.microsoft.com/download/en/details.aspx?id=20738
Office XP is the first mainstream product requiring activation that has left the extended support phase of the lifecycle. The activation and update servers for it are still live.
I believe Microsoft has on several occasions said they will provide "golden key", patch, or whatever to work around Activation if they deem keeping the servers online not feasible. Probably once market share is negligible which will likely be past 2014 (maybe closer to 2020?)
I believe Windows update servers are still online for Windows 98.
As far as a patch, in the seedy underworld, WinXP workarounds that aren't VL or SLP based are based on loading a tiny driver that tricks the Activation bits into thinking the OS was booted into safe mode (Activation checks aren't done in safe mode).
Re:What about XP mode in Windows 7 by JDG1980 · 2012-04-12 01:52 · Score: 1 · on End of Windows XP Support Era Signals Beginning of Security Nightmare

Unfortunately IE6/7/8 will live on and I have nightmares that we will be supporting them until 2038...
Support for IE6 ends at the same time as support for XP. The only reason Microsoft has supported it this long is that it's considered to be a "component" of XP, and XP is still under support until 2014. See http://support.microsoft.com/gp/lifewinfaq for details.
Re:Microsoft Deserves It by sootman · 2012-04-12 01:14 · Score: 3, Informative · on Assessing Media Bias: Microsoft Vs. Everyone Else

Here's a link for you. Is "microsoft.com" a good enough source? http://technet.microsoft.com/en-us/library/cc263526.aspx
"Microsoft SharePoint Server 2010 supports several commonly used Web browsers. This article describes different levels of Web browser support [emphasis mine], browser compatibility for published sites, and how ActiveX controls affect features... SharePoint Server 2010 supports several commonly used Web browsers. However, certain Web browsers might cause some SharePoint Server 2010 functionality to be downgraded, limited, or available only through alternative steps."
There's more to the world than just IE and Firefox on Windows. I work in a large publishing company (1,000s of employees) and we're close to 50% Mac overall. (And it's about 90% in design, production, etc.--you know, the departments that actually make what the company sells.) There is a LOT of key stuff in SP that doesn't work, or doesn't work well, on a Mac.
And in other news, here's how MS thinks Wiki software (and HTML in general) should work.
http://imgur.com/IaHTb
1) The whole point of Wikis is that you can edit them WITHOUT knowing HTML -- just use *, #, etc.
2) <strong> and <b> tags?!?!? <font> tags in 2012? Makes me want to shoot myself in the back of the head... twice.
Re:What about XP mode in Windows 7 by memzer · 2012-04-11 19:45 · Score: 5, Informative · on End of Windows XP Support Era Signals Beginning of Security Nightmare

http://www.microsoft.com/windows/virtual-pc/support/faq.aspx

Is Windows XP Mode supported throughout the lifecycle of Windows 7?
No. Windows XP Mode is a full virtual version of Windows XP and follows the same support lifecycle as Windows XP. Windows XP extended support phase ends in 2014.

Unfortunately IE6/7/8 will live on and I have nightmares that we will be supporting them until 2038...
Settings for Windows users vs. DoS/DDoS by Anonymous Coward · 2012-04-10 02:35 · Score: 0 · on Ask Slashdot: Experience Handling DDoS Attacks On a Mid-Tier Site?

Protect Against SYN Attacks
FROM -> http://msdn.microsoft.com/en-us/library/ff648853.aspx
A SYN attack exploits a vulnerability in the TCP/IP connection establishment mechanism. To mount a SYN flood attack, an attacker uses a program to send a flood of TCP SYN requests to fill the pending connection queue on the server. This prevents other users from establishing network connections.
To protect the network against SYN attacks, follow these generalized steps, explained later in this document:
Enable SYN attack protection
Set SYN protection thresholds
Set additional protections
Enable SYN Attack Protection
The named value to enable SYN attack protection is located beneath the registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters.
Value name: SynAttackProtect
Recommended value: 2
Valid values: 0, 1, 2
Description: Causes TCP to adjust retransmission of SYN-ACKS. When you configure this value the connection responses timeout more quickly in the event of a SYN attack. A SYN attack is triggered when the values of TcpMaxHalfOpen or TcpMaxHalfOpenRetried are exceeded.
Set SYN Protection Thresholds
The following values determine the thresholds for which SYN protection is triggered. All of the keys and values in this section are under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters
These keys and values are:
Value name: TcpMaxPortsExhausted
Recommended value: 5
Valid values: 0-65535
Description: Specifies the threshold of TCP connection requests that must be exceeded before SYN flood protection is triggered.
Value name: TcpMaxHalfOpen
Recommended value data: 500
Valid values: 100-65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Value name: TcpMaxHalfOpenRetried
Recommended value data: 400
Valid values: 80-65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state for which at least one retransmission has been sent. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Set Additional Protections
All the keys and values in this section are located under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are:
Value name: TcpMaxConnectResponseRetransmissions
Recommended value data: 2
Valid values: 0-255
Description: Controls how many times a SYN-ACK is retransmitted before canceling the attempt when responding to a SYN request.
Value name: TcpMaxDataRetransmissions
Recommended value data: 2
Valid values: 0-65535
Description: Specifies the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection.
Value name: EnablePMTUDiscovery
Recommended value data: 0
Valid values: 0, 1
Description: Setting this value to 1 (the default) forces TCP to discover the maximum transmission unit or largest packet size over the path to a remote host. An attacker can force packet fragmentation, which overworks the stack.
Specifying 0 forces the MTU of 576 bytes for connections from hosts not on the local subnet.
Value name: KeepAliveTime
Recommended value data: 300000
Valid values: 80-4294967295
Description: Specifies how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet.
APK
P.S.=> Folks here are also pointing out various hardware/network-side protective measures too, & never over
Re:in b4 lawsuit by CaptSlaq · 2012-04-10 02:33 · Score: 1 · on Windows 8 Metro Theme Created For Rooted Android Tablets

As a tablet or smartphone UI, actually it's pretty good. I still prefer Android, but I can understand why people would like Metro. A lot of the texting, e-mail, etc. widgets that people use on Android would not be necessary on Metro, because of the way it presents the tile for an app. (basically, no icons, everything is a widget).
As a desktop UI, you have to ask what the hell they were smoking. Something designed for touchscreen input on a 4" device does *not* scale to a 24" screen with a keyboard/mouse. While it's usable, it would be very counter-productive to anybody who's comfortable with the mouse, because they would have to scroll through pages of tiles to find the one they want. I don't think it's going to be the unmitigated disaster that everybody says it's going to be, but I do think that "how to turn Metro off" will replace porn as the number 1 Google search for a while after it launches.
While I agree that contextually it doesn't work well with a mouse, on something like this it does make some sense. Perhaps someone at Microsoft thinks the mouse is a dead end UI wise?
This could be something that points to the fact that they think that Surface will start to make some inroads at some point as well. Metro makes some sense for it in the same manner it does for the HP piece above, and all the tablet stuff.
This then introduces the idea that Microsoft is embracing the tablet as the desktop replacement, which leads down to a whole different list of interesting conversations.
Settings for Windows users vs. DoS/DDoS by Anonymous Coward · 2012-04-10 02:10 · Score: 0 · on Ask Slashdot: Experience Handling DDoS Attacks On a Mid-Tier Site?

Protect Against SYN Attacks
FROM -> http://msdn.microsoft.com/en-us/library/ff648853.aspx
A SYN attack exploits a vulnerability in the TCP/IP connection establishment mechanism. To mount a SYN flood attack, an attacker uses a program to send a flood of TCP SYN requests to fill the pending connection queue on the server. This prevents other users from establishing network connections.
To protect the network against SYN attacks, follow these generalized steps, explained later in this document:
Enable SYN attack protection
Set SYN protection thresholds
Set additional protections
Enable SYN Attack Protection
The named value to enable SYN attack protection is located beneath the registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters.
Value name: SynAttackProtect
Recommended value: 2
Valid values: 0, 1, 2
Description: Causes TCP to adjust retransmission of SYN-ACKS. When you configure this value the connection responses timeout more quickly in the event of a SYN attack. A SYN attack is triggered when the values of TcpMaxHalfOpen or TcpMaxHalfOpenRetried are exceeded.
Set SYN Protection Thresholds
The following values determine the thresholds for which SYN protection is triggered. All of the keys and values in this section are under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters
These keys and values are:
Value name: TcpMaxPortsExhausted
Recommended value: 5
Valid values: 0-65535
Description: Specifies the threshold of TCP connection requests that must be exceeded before SYN flood protection is triggered.
Value name: TcpMaxHalfOpen
Recommended value data: 500
Valid values: 100-65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Value name: TcpMaxHalfOpenRetried
Recommended value data: 400
Valid values: 80-65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state for which at least one retransmission has been sent. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Set Additional Protections
All the keys and values in this section are located under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are:
Value name: TcpMaxConnectResponseRetransmissions
Recommended value data: 2
Valid values: 0-255
Description: Controls how many times a SYN-ACK is retransmitted before canceling the attempt when responding to a SYN request.
Value name: TcpMaxDataRetransmissions
Recommended value data: 2
Valid values: 0-65535
Description: Specifies the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection.
Value name: EnablePMTUDiscovery
Recommended value data: 0
Valid values: 0, 1
Description: Setting this value to 1 (the default) forces TCP to discover the maximum transmission unit or largest packet size over the path to a remote host. An attacker can force packet fragmentation, which overworks the stack.
Specifying 0 forces the MTU of 576 bytes for connections from hosts not on the local subnet.
Value name: KeepAliveTime
Recommended value data: 300000
Valid values: 80-4294967295
Description: Specifies how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet.
APK
P.S.=> Folks here are also pointing out various hardware/network-side protective measures too, & never over
Settings for Windows users vs. DoS/DDoS by Anonymous Coward · 2012-04-10 02:07 · Score: -1 · on Ask Slashdot: Experience Handling DDoS Attacks On a Mid-Tier Site?

Protect Against SYN Attacks
FROM -> http://msdn.microsoft.com/en-us/library/ff648853.aspx
A SYN attack exploits a vulnerability in the TCP/IP connection establishment mechanism. To mount a SYN flood attack, an attacker uses a program to send a flood of TCP SYN requests to fill the pending connection queue on the server. This prevents other users from establishing network connections.
To protect the network against SYN attacks, follow these generalized steps, explained later in this document:
Enable SYN attack protection
Set SYN protection thresholds
Set additional protections
Enable SYN Attack Protection
The named value to enable SYN attack protection is located beneath the registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters.
Value name: SynAttackProtect
Recommended value: 2
Valid values: 0, 1, 2
Description: Causes TCP to adjust retransmission of SYN-ACKS. When you configure this value the connection responses timeout more quickly in the event of a SYN attack. A SYN attack is triggered when the values of TcpMaxHalfOpen or TcpMaxHalfOpenRetried are exceeded.
Set SYN Protection Thresholds
The following values determine the thresholds for which SYN protection is triggered. All of the keys and values in this section are under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters
These keys and values are:
Value name: TcpMaxPortsExhausted
Recommended value: 5
Valid values: 0-65535
Description: Specifies the threshold of TCP connection requests that must be exceeded before SYN flood protection is triggered.
Value name: TcpMaxHalfOpen
Recommended value data: 500
Valid values: 100-65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Value name: TcpMaxHalfOpenRetried
Recommended value data: 400
Valid values: 80-65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state for which at least one retransmission has been sent. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Set Additional Protections
All the keys and values in this section are located under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are:
Value name: TcpMaxConnectResponseRetransmissions
Recommended value data: 2
Valid values: 0-255
Description: Controls how many times a SYN-ACK is retransmitted before canceling the attempt when responding to a SYN request.
Value name: TcpMaxDataRetransmissions
Recommended value data: 2
Valid values: 0-65535
Description: Specifies the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection.
Value name: EnablePMTUDiscovery
Recommended value data: 0
Valid values: 0, 1
Description: Setting this value to 1 (the default) forces TCP to discover the maximum transmission unit or largest packet size over the path to a remote host. An attacker can force packet fragmentation, which overworks the stack.
Specifying 0 forces the MTU of 576 bytes for connections from hosts not on the local subnet.
Value name: KeepAliveTime
Recommended value data: 300000
Valid values: 80-4294967295
Description: Specifies how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet.
APK
P.S.=> Folks here are also pointing out various hardware/network-side protective measures too, & never over
Settings 4 Windows users vs. DoS/DDoS by Anonymous Coward · 2012-04-10 02:05 · Score: -1 · on Ask Slashdot: Experience Handling DDoS Attacks On a Mid-Tier Site?

Protect Against SYN Attacks
FROM -> http://msdn.microsoft.com/en-us/library/ff648853.aspx
A SYN attack exploits a vulnerability in the TCP/IP connection establishment mechanism. To mount a SYN flood attack, an attacker uses a program to send a flood of TCP SYN requests to fill the pending connection queue on the server. This prevents other users from establishing network connections.
To protect the network against SYN attacks, follow these generalized steps, explained later in this document:
Enable SYN attack protection
Set SYN protection thresholds
Set additional protections
Enable SYN Attack Protection
The named value to enable SYN attack protection is located beneath the registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters.
Value name: SynAttackProtect
Recommended value: 2
Valid values: 0, 1, 2
Description: Causes TCP to adjust retransmission of SYN-ACKS. When you configure this value the connection responses timeout more quickly in the event of a SYN attack. A SYN attack is triggered when the values of TcpMaxHalfOpen or TcpMaxHalfOpenRetried are exceeded.
Set SYN Protection Thresholds
The following values determine the thresholds for which SYN protection is triggered. All of the keys and values in this section are under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters
These keys and values are:
Value name: TcpMaxPortsExhausted
Recommended value: 5
Valid values: 0-65535
Description: Specifies the threshold of TCP connection requests that must be exceeded before SYN flood protection is triggered.
Value name: TcpMaxHalfOpen
Recommended value data: 500
Valid values: 100-65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Value name: TcpMaxHalfOpenRetried
Recommended value data: 400
Valid values: 80-65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state for which at least one retransmission has been sent. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Set Additional Protections
All the keys and values in this section are located under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are:
Value name: TcpMaxConnectResponseRetransmissions
Recommended value data: 2
Valid values: 0-255
Description: Controls how many times a SYN-ACK is retransmitted before canceling the attempt when responding to a SYN request.
Value name: TcpMaxDataRetransmissions
Recommended value data: 2
Valid values: 0-65535
Description: Specifies the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection.
Value name: EnablePMTUDiscovery
Recommended value data: 0
Valid values: 0, 1
Description: Setting this value to 1 (the default) forces TCP to discover the maximum transmission unit or largest packet size over the path to a remote host. An attacker can force packet fragmentation, which overworks the stack.
Specifying 0 forces the MTU of 576 bytes for connections from hosts not on the local subnet.
Value name: KeepAliveTime
Recommended value data: 300000
Valid values: 80-4294967295
Description: Specifies how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet.
APK
P.S.=> Folks here are also pointing out various hardware/network-side protective measures too, & never over
Windows settings vs. DoS/DDoS by Anonymous Coward · 2012-04-10 02:02 · Score: 0 · on Ask Slashdot: Experience Handling DDoS Attacks On a Mid-Tier Site?

Protect Against SYN Attacks
FROM -> http://msdn.microsoft.com/en-us/library/ff648853.aspx
A SYN attack exploits a vulnerability in the TCP/IP connection establishment mechanism. To mount a SYN flood attack, an attacker uses a program to send a flood of TCP SYN requests to fill the pending connection queue on the server. This prevents other users from establishing network connections.
To protect the network against SYN attacks, follow these generalized steps, explained later in this document:
Enable SYN attack protection
Set SYN protection thresholds
Set additional protections
Enable SYN Attack Protection
The named value to enable SYN attack protection is located beneath the registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters.
Value name: SynAttackProtect
Recommended value: 2
Valid values: 0, 1, 2
Description: Causes TCP to adjust retransmission of SYN-ACKS. When you configure this value the connection responses timeout more quickly in the event of a SYN attack. A SYN attack is triggered when the values of TcpMaxHalfOpen or TcpMaxHalfOpenRetried are exceeded.
Set SYN Protection Thresholds
The following values determine the thresholds for which SYN protection is triggered. All of the keys and values in this section are under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters
These keys and values are:
Value name: TcpMaxPortsExhausted
Recommended value: 5
Valid values: 0-65535
Description: Specifies the threshold of TCP connection requests that must be exceeded before SYN flood protection is triggered.
Value name: TcpMaxHalfOpen
Recommended value data: 500
Valid values: 100-65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Value name: TcpMaxHalfOpenRetried
Recommended value data: 400
Valid values: 80-65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state for which at least one retransmission has been sent. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Set Additional Protections
All the keys and values in this section are located under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are:
Value name: TcpMaxConnectResponseRetransmissions
Recommended value data: 2
Valid values: 0-255
Description: Controls how many times a SYN-ACK is retransmitted before canceling the attempt when responding to a SYN request.
Value name: TcpMaxDataRetransmissions
Recommended value data: 2
Valid values: 0-65535
Description: Specifies the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection.
Value name: EnablePMTUDiscovery
Recommended value data: 0
Valid values: 0, 1
Description: Setting this value to 1 (the default) forces TCP to discover the maximum transmission unit or largest packet size over the path to a remote host. An attacker can force packet fragmentation, which overworks the stack.
Specifying 0 forces the MTU of 576 bytes for connections from hosts not on the local subnet.
Value name: KeepAliveTime
Recommended value data: 300000
Valid values: 80-4294967295
Description: Specifies how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet.
APK
P.S.=> Folks here are also pointing out various hardware/network-side protective measures too, & never over
Settings for Windows users vs. DoS/DDoS by Anonymous Coward · 2012-04-10 02:00 · Score: 0 · on Ask Slashdot: Experience Handling DDoS Attacks On a Mid-Tier Site?

Protect Against SYN Attacks
FROM -> http://msdn.microsoft.com/en-us/library/ff648853.aspx
A SYN attack exploits a vulnerability in the TCP/IP connection establishment mechanism. To mount a SYN flood attack, an attacker uses a program to send a flood of TCP SYN requests to fill the pending connection queue on the server. This prevents other users from establishing network connections.
To protect the network against SYN attacks, follow these generalized steps, explained later in this document:
Enable SYN attack protection
Set SYN protection thresholds
Set additional protections
Enable SYN Attack Protection
The named value to enable SYN attack protection is located beneath the registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters.
Value name: SynAttackProtect
Recommended value: 2
Valid values: 0, 1, 2
Description: Causes TCP to adjust retransmission of SYN-ACKS. When you configure this value the connection responses timeout more quickly in the event of a SYN attack. A SYN attack is triggered when the values of TcpMaxHalfOpen or TcpMaxHalfOpenRetried are exceeded.
Set SYN Protection Thresholds
The following values determine the thresholds for which SYN protection is triggered. All of the keys and values in this section are under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters
These keys and values are:
Value name: TcpMaxPortsExhausted
Recommended value: 5
Valid values: 0-65535
Description: Specifies the threshold of TCP connection requests that must be exceeded before SYN flood protection is triggered.
Value name: TcpMaxHalfOpen
Recommended value data: 500
Valid values: 100-65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Value name: TcpMaxHalfOpenRetried
Recommended value data: 400
Valid values: 80-65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state for which at least one retransmission has been sent. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Set Additional Protections
All the keys and values in this section are located under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are:
Value name: TcpMaxConnectResponseRetransmissions
Recommended value data: 2
Valid values: 0-255
Description: Controls how many times a SYN-ACK is retransmitted before canceling the attempt when responding to a SYN request.
Value name: TcpMaxDataRetransmissions
Recommended value data: 2
Valid values: 0-65535
Description: Specifies the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection.
Value name: EnablePMTUDiscovery
Recommended value data: 0
Valid values: 0, 1
Description: Setting this value to 1 (the default) forces TCP to discover the maximum transmission unit or largest packet size over the path to a remote host. An attacker can force packet fragmentation, which overworks the stack.
Specifying 0 forces the MTU of 576 bytes for connections from hosts not on the local subnet.
Value name: KeepAliveTime
Recommended value data: 300000
Valid values: 80-4294967295
Description: Specifies how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet.
APK
P.S.=> Folks here are also pointing out various hardware/network-side protective measures too, & never over
Settings for Windows users vs. DoS/DDoS by Anonymous Coward · 2012-04-10 01:58 · Score: 0 · on Ask Slashdot: Experience Handling DDoS Attacks On a Mid-Tier Site?

Protect Against SYN Attacks
FROM -> http://msdn.microsoft.com/en-us/library/ff648853.aspx
A SYN attack exploits a vulnerability in the TCP/IP connection establishment mechanism. To mount a SYN flood attack, an attacker uses a program to send a flood of TCP SYN requests to fill the pending connection queue on the server. This prevents other users from establishing network connections.
To protect the network against SYN attacks, follow these generalized steps, explained later in this document:
Enable SYN attack protection
Set SYN protection thresholds
Set additional protections
Enable SYN Attack Protection
The named value to enable SYN attack protection is located beneath the registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters.
Value name: SynAttackProtect
Recommended value: 2
Valid values: 0, 1, 2
Description: Causes TCP to adjust retransmission of SYN-ACKS. When you configure this value the connection responses timeout more quickly in the event of a SYN attack. A SYN attack is triggered when the values of TcpMaxHalfOpen or TcpMaxHalfOpenRetried are exceeded.
Set SYN Protection Thresholds
The following values determine the thresholds for which SYN protection is triggered. All of the keys and values in this section are under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters
These keys and values are:
Value name: TcpMaxPortsExhausted
Recommended value: 5
Valid values: 0-65535
Description: Specifies the threshold of TCP connection requests that must be exceeded before SYN flood protection is triggered.
Value name: TcpMaxHalfOpen
Recommended value data: 500
Valid values: 100-65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Value name: TcpMaxHalfOpenRetried
Recommended value data: 400
Valid values: 80-65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state for which at least one retransmission has been sent. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Set Additional Protections
All the keys and values in this section are located under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are:
Value name: TcpMaxConnectResponseRetransmissions
Recommended value data: 2
Valid values: 0-255
Description: Controls how many times a SYN-ACK is retransmitted before canceling the attempt when responding to a SYN request.
Value name: TcpMaxDataRetransmissions
Recommended value data: 2
Valid values: 0-65535
Description: Specifies the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection.
Value name: EnablePMTUDiscovery
Recommended value data: 0
Valid values: 0, 1
Description: Setting this value to 1 (the default) forces TCP to discover the maximum transmission unit or largest packet size over the path to a remote host. An attacker can force packet fragmentation, which overworks the stack.
Specifying 0 forces the MTU of 576 bytes for connections from hosts not on the local subnet.
Value name: KeepAliveTime
Recommended value data: 300000
Valid values: 80-4294967295
Description: Specifies how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet.
APK
P.S.=> Folks here are also pointing out various hardware/network-side protective measures too, & never over
Settings for Windows users vs. DoS/DDoS by Anonymous Coward · 2012-04-10 01:56 · Score: 0 · on Ask Slashdot: Experience Handling DDoS Attacks On a Mid-Tier Site?

Protect Against SYN Attacks
FROM -> http://msdn.microsoft.com/en-us/library/ff648853.aspx
A SYN attack exploits a vulnerability in the TCP/IP connection establishment mechanism. To mount a SYN flood attack, an attacker uses a program to send a flood of TCP SYN requests to fill the pending connection queue on the server. This prevents other users from establishing network connections.
To protect the network against SYN attacks, follow these generalized steps, explained later in this document:
Enable SYN attack protection
Set SYN protection thresholds
Set additional protections
Enable SYN Attack Protection
The named value to enable SYN attack protection is located beneath the registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters.
Value name: SynAttackProtect
Recommended value: 2
Valid values: 0, 1, 2
Description: Causes TCP to adjust retransmission of SYN-ACKS. When you configure this value the connection responses timeout more quickly in the event of a SYN attack. A SYN attack is triggered when the values of TcpMaxHalfOpen or TcpMaxHalfOpenRetried are exceeded.
Set SYN Protection Thresholds
The following values determine the thresholds for which SYN protection is triggered. All of the keys and values in this section are under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters
These keys and values are:
Value name: TcpMaxPortsExhausted
Recommended value: 5
Valid values: 0-65535
Description: Specifies the threshold of TCP connection requests that must be exceeded before SYN flood protection is triggered.
Value name: TcpMaxHalfOpen
Recommended value data: 500
Valid values: 100-65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Value name: TcpMaxHalfOpenRetried
Recommended value data: 400
Valid values: 80-65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state for which at least one retransmission has been sent. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Set Additional Protections
All the keys and values in this section are located under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are:
Value name: TcpMaxConnectResponseRetransmissions
Recommended value data: 2
Valid values: 0-255
Description: Controls how many times a SYN-ACK is retransmitted before canceling the attempt when responding to a SYN request.
Value name: TcpMaxDataRetransmissions
Recommended value data: 2
Valid values: 0-65535
Description: Specifies the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection.
Value name: EnablePMTUDiscovery
Recommended value data: 0
Valid values: 0, 1
Description: Setting this value to 1 (the default) forces TCP to discover the maximum transmission unit or largest packet size over the path to a remote host. An attacker can force packet fragmentation, which overworks the stack.
Specifying 0 forces the MTU of 576 bytes for connections from hosts not on the local subnet.
Value name: KeepAliveTime
Recommended value data: 300000
Valid values: 80-4294967295
Description: Specifies how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet.
APK
P.S.=> Folks here are also pointing out various hardware/network-side protective measures too, & never over
Settings 4 Windows users vs. DoS/DDoS by Anonymous Coward · 2012-04-10 01:53 · Score: 0 · on Ask Slashdot: Experience Handling DDoS Attacks On a Mid-Tier Site?

Protect Against SYN Attacks
FROM -> http://msdn.microsoft.com/en-us/library/ff648853.aspx
A SYN attack exploits a vulnerability in the TCP/IP connection establishment mechanism. To mount a SYN flood attack, an attacker uses a program to send a flood of TCP SYN requests to fill the pending connection queue on the server. This prevents other users from establishing network connections.
To protect the network against SYN attacks, follow these generalized steps, explained later in this document:
Enable SYN attack protection
Set SYN protection thresholds
Set additional protections
Enable SYN Attack Protection
The named value to enable SYN attack protection is located beneath the registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters.
Value name: SynAttackProtect
Recommended value: 2
Valid values: 0, 1, 2
Description: Causes TCP to adjust retransmission of SYN-ACKS. When you configure this value the connection responses timeout more quickly in the event of a SYN attack. A SYN attack is triggered when the values of TcpMaxHalfOpen or TcpMaxHalfOpenRetried are exceeded.
Set SYN Protection Thresholds
The following values determine the thresholds for which SYN protection is triggered. All of the keys and values in this section are under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters
These keys and values are:
Value name: TcpMaxPortsExhausted
Recommended value: 5
Valid values: 0-65535
Description: Specifies the threshold of TCP connection requests that must be exceeded before SYN flood protection is triggered.
Value name: TcpMaxHalfOpen
Recommended value data: 500
Valid values: 100-65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Value name: TcpMaxHalfOpenRetried
Recommended value data: 400
Valid values: 80-65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state for which at least one retransmission has been sent. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Set Additional Protections
All the keys and values in this section are located under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are:
Value name: TcpMaxConnectResponseRetransmissions
Recommended value data: 2
Valid values: 0-255
Description: Controls how many times a SYN-ACK is retransmitted before canceling the attempt when responding to a SYN request.
Value name: TcpMaxDataRetransmissions
Recommended value data: 2
Valid values: 0-65535
Description: Specifies the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection.
Value name: EnablePMTUDiscovery
Recommended value data: 0
Valid values: 0, 1
Description: Setting this value to 1 (the default) forces TCP to discover the maximum transmission unit or largest packet size over the path to a remote host. An attacker can force packet fragmentation, which overworks the stack.
Specifying 0 forces the MTU of 576 bytes for connections from hosts not on the local subnet.
Value name: KeepAliveTime
Recommended value data: 300000
Valid values: 80-4294967295
Description: Specifies how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet.
APK
P.S.=> Folks here are also pointing out various hardware/network-side protective measures too, & never over
4 Windows users: Settings that help vs. DDoS by Anonymous Coward · 2012-04-10 01:51 · Score: 0 · on Ask Slashdot: Experience Handling DDoS Attacks On a Mid-Tier Site?

Protect Against SYN Attacks
FROM -> http://msdn.microsoft.com/en-us/library/ff648853.aspx
A SYN attack exploits a vulnerability in the TCP/IP connection establishment mechanism. To mount a SYN flood attack, an attacker uses a program to send a flood of TCP SYN requests to fill the pending connection queue on the server. This prevents other users from establishing network connections.
To protect the network against SYN attacks, follow these generalized steps, explained later in this document:
Enable SYN attack protection
Set SYN protection thresholds
Set additional protections
Enable SYN Attack Protection
The named value to enable SYN attack protection is located beneath the registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters.
Value name: SynAttackProtect
Recommended value: 2
Valid values: 0, 1, 2
Description: Causes TCP to adjust retransmission of SYN-ACKS. When you configure this value the connection responses timeout more quickly in the event of a SYN attack. A SYN attack is triggered when the values of TcpMaxHalfOpen or TcpMaxHalfOpenRetried are exceeded.
Set SYN Protection Thresholds
The following values determine the thresholds for which SYN protection is triggered. All of the keys and values in this section are under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters
These keys and values are:
Value name: TcpMaxPortsExhausted
Recommended value: 5
Valid values: 0-65535
Description: Specifies the threshold of TCP connection requests that must be exceeded before SYN flood protection is triggered.
Value name: TcpMaxHalfOpen
Recommended value data: 500
Valid values: 100-65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Value name: TcpMaxHalfOpenRetried
Recommended value data: 400
Valid values: 80-65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state for which at least one retransmission has been sent. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Set Additional Protections
All the keys and values in this section are located under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are:
Value name: TcpMaxConnectResponseRetransmissions
Recommended value data: 2
Valid values: 0-255
Description: Controls how many times a SYN-ACK is retransmitted before canceling the attempt when responding to a SYN request.
Value name: TcpMaxDataRetransmissions
Recommended value data: 2
Valid values: 0-65535
Description: Specifies the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection.
Value name: EnablePMTUDiscovery
Recommended value data: 0
Valid values: 0, 1
Description: Setting this value to 1 (the default) forces TCP to discover the maximum transmission unit or largest packet size over the path to a remote host. An attacker can force packet fragmentation, which overworks the stack.
Specifying 0 forces the MTU of 576 bytes for connections from hosts not on the local subnet.
Value name: KeepAliveTime
Recommended value data: 300000
Valid values: 80-4294967295
Description: Specifies how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet.
APK
P.S.=> Folks here are also pointing out various hardware/network-side protective measures too, & never over
4 Windows users: Settings that HELP vs. DDoS by Anonymous Coward · 2012-04-10 01:48 · Score: -1 · on Ask Slashdot: Experience Handling DDoS Attacks On a Mid-Tier Site?

Protect Against SYN Attacks
FROM -> http://msdn.microsoft.com/en-us/library/ff648853.aspx
A SYN attack exploits a vulnerability in the TCP/IP connection establishment mechanism. To mount a SYN flood attack, an attacker uses a program to send a flood of TCP SYN requests to fill the pending connection queue on the server. This prevents other users from establishing network connections.
To protect the network against SYN attacks, follow these generalized steps, explained later in this document:
Enable SYN attack protection
Set SYN protection thresholds
Set additional protections
Enable SYN Attack Protection
The named value to enable SYN attack protection is located beneath the registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters.
Value name: SynAttackProtect
Recommended value: 2
Valid values: 0, 1, 2
Description: Causes TCP to adjust retransmission of SYN-ACKS. When you configure this value the connection responses timeout more quickly in the event of a SYN attack. A SYN attack is triggered when the values of TcpMaxHalfOpen or TcpMaxHalfOpenRetried are exceeded.
Set SYN Protection Thresholds
The following values determine the thresholds for which SYN protection is triggered. All of the keys and values in this section are under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters
These keys and values are:
Value name: TcpMaxPortsExhausted
Recommended value: 5
Valid values: 0-65535
Description: Specifies the threshold of TCP connection requests that must be exceeded before SYN flood protection is triggered.
Value name: TcpMaxHalfOpen
Recommended value data: 500
Valid values: 100-65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Value name: TcpMaxHalfOpenRetried
Recommended value data: 400
Valid values: 80-65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state for which at least one retransmission has been sent. When SynAttackProtect is exceeded, SYN flood protection is triggered.
Set Additional Protections
All the keys and values in this section are located under the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are:
Value name: TcpMaxConnectResponseRetransmissions
Recommended value data: 2
Valid values: 0-255
Description: Controls how many times a SYN-ACK is retransmitted before canceling the attempt when responding to a SYN request.
Value name: TcpMaxDataRetransmissions
Recommended value data: 2
Valid values: 0-65535
Description: Specifies the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection.
Value name: EnablePMTUDiscovery
Recommended value data: 0
Valid values: 0, 1
Description: Setting this value to 1 (the default) forces TCP to discover the maximum transmission unit or largest packet size over the path to a remote host. An attacker can force packet fragmentation, which overworks the stack.
Specifying 0 forces the MTU of 576 bytes for connections from hosts not on the local subnet.
Value name: KeepAliveTime
Recommended value data: 300000
Valid values: 80-4294967295
Description: Specifies how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet.
APK
P.S.=> Folks here are also pointing out various hardware/network-side protective measures too, & never over