Windows XP and 2000 Tips & Tricks UPDATE, December 30, 2002

Windows XP and 2000 Tips & Tricks UPDATE—brought to you by the Windows & .NET Magazine Network and the Windows 2000 FAQ site
http://www.windows2000faq.com


December 30, 2002—In this issue:

1. COMMENTARY

2. FAQS

  • Q. How can I use the percent (%) sign in a batch file?
  • Q. How can I create a registry link?
  • Q. What's a SYN attack?
  • Q. How can I protect my system from a Denial of Service (DoS) attack?
  • Q. Why do I receive an error when I attempt to run the Windows .NET Server (Win.NET Server) 2003 Administration Tools under Windows XP?

3. ANNOUNCEMENTS

  • Give Us Your Feedback and You Could Win a Digital Camera
  • Get the New Windows & .NET Magazine Network Super CD/VIP!

4. CONTACT US

  • See this section for a list of ways to contact us.

1. COMMENTARY
(contributed by John Savill, FAQ Editor, [email protected])

This week, I explain how to use the percent (%) sign in a batch file and how to create a registry link. I also describe a SYN attack, how to protect yourself against Denial of Service (DoS) attacks, and why you might receive an error when attempting to run the Windows .NET Server (Win.NET Server) 2003 Administration Tools under Windows XP.

2. FAQS

  • Q. How can I use the percent (%) sign in a batch file?
  • A. Although you can use the % sign to specify a variable in a batch file, you must type two % signs in succession. For example, you must type

    for /L %%n IN (1,1,10) DO @ECHO %%n

    to tell the batch file to interpret the command as

    for /L %n IN (1 1 10) DO @ECHO %n

    If you simply want to output the % sign from a batch file, you must also type two % signs in succession. For example, type

    echo 10%%

    to display

    10%

    The standard % signs that surround an environment variable remain the same, regardless of whether you're typing them at a command prompt or including them in a batch file. For example, type

    echo %date%

    to display the date.

  • Q. How can I create a registry link?
  • A. Similar to file shortcuts that point to an actual file, registry links create a symbolic link from a virtual path to an actual path. You might have seen these links in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet registry subkey, which is a link to one of the ControlSets under the same parent location, and the HKEY_CURRENT_USER registry key, which points to a path under the HKEY_USERS\<SID of current user> registry subkey.

    Both of these registry links are of type REG_LINK, but you can't use standard registry tools to create this internal type. However, a freeware utility, Regln, available from the NTinternals Team at http://www.ntinternals.net/regln, lets you create registry links. Be sure to read the instructions before you dive in, and treat this utility with care; otherwise, you might cause serious damage to your machine.

  • Q. What's a SYN attack?
  • A. The SYN (TCP connection request) attack is a common Denial of Service (DoS) technique characterized by the following pattern:

    1. Using a spoofed IP address not in use on the Internet, an attacker sends multiple SYN packets to the target machine.
    2. For each SYN packet received, the target machine allocates resources and sends an acknowledgement (SYN-ACK) to the source IP address.
    3. Because the target machine doesn't receive a response from the attacking machine, it attempts to resend the SYN-ACK five times, at 3-, 6-, 12-, 24-, and 48-second intervals, before deallocating the resources 96 seconds after attempting the last retry. If you add the numbers all together, you can see that the target machine allocates resources for more than 3 minutes to respond to just one SYN attack.

    When an attacker uses this technique repeatedly, the target machine eventually runs out of resources and is unable to handle any more connections, thereby denying service to legitimate users.

    To determine whether your systems might be vulnerable to this type of attack, from the command prompt type

    netstat -n -p tcp

    Look at the output for entries in a state of SYN_RECEIVED. If you notice multiple entries, your system is vulnerable to attack. For information on how to protect yourself from such DoS attacks, see the next FAQ.
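
    The netstat check above, scripted as a batch file (an added example, not part of the original newsletter): it tallies SYN_RECEIVED entries per local port so you can see which service the half-open connections are piling up on. Comparing the total against 100, the TcpMaxHalfOpen value recommended in the next FAQ, is an assumption of this example.

    ```batch
    @echo off
    rem Added example, not from the original newsletter.
    setlocal
    rem THRESHOLD is an assumption: it reuses the TcpMaxHalfOpen value (100)
    rem that the next FAQ recommends.
    set THRESHOLD=100
    set TOTAL=0

    rem netstat columns: Proto, Local Address, Foreign Address, State.
    rem Token 2 is the local address in ip:port form.
    for /f "tokens=2" %%a in ('netstat -n -p tcp ^| find "SYN_RECEIVED"') do (
        set /a TOTAL+=1
        rem Split ip:port on the colon and bump a per-port counter.
        for /f "tokens=2 delims=:" %%p in ("%%a") do set /a PORT_%%p+=1
    )

    echo Half-open connections (SYN_RECEIVED): %TOTAL%
    rem "set PORT_" lists every counter created above as PORT_<port>=<count>.
    for /f "tokens=1,2 delims==" %%k in ('set PORT_ 2^>nul') do echo   %%k: %%l

    if %TOTAL% GEQ %THRESHOLD% (
        echo WARNING: %TOTAL% half-open connections, at or above %THRESHOLD%.
        exit /b 1
    )
    exit /b 0
    ```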

  • Q. How can I protect my system from a Denial of Service (DoS) attack?
  • A. Firewall products can protect your machines from DoS attacks, and you should use a firewall whenever possible. However, built-in Windows functionality can also help protect against DoS attacks and quickly time out SYN requests. To enable this functionality, perform the following steps:

    1. Start a registry editor (e.g., regedit.exe).
    2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters registry subkey.
    3. From the Edit menu, select New, DWORD Value.
    4. Enter the name SynAttackProtect, then press Enter.
    5. Double-click the new value, set it to 2, then click OK.
    6. Close the registry editor.
    7. Reboot the machine.

    The SynAttackProtect default value is 0, which offers no protection. A value of 1 limits the number of SYN retries and delays the route cache entry when the maximum number of open TCP connections (i.e., the connections in the SYN_RECEIVED state known as TcpMaxHalfOpen) and retries (i.e., TcpMaxHalfOpenRetried) have been met. When SynAttackProtect has a value of 2, the effect is similar to when the value is set to 1 but includes a delayed Winsock notification until the 3-way handshake involved in the SYN process is finished. Because Windows invokes the SynAttackProtect value only after the system exceeds the TcpMaxHalfOpen and TcpMaxHalfOpenRetried values, I recommend that you also create the TcpMaxHalfOpen and TcpMaxHalfOpenRetried values under the same registry key (both DWORD values) and set them to 100 and 80, respectively.
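
    The same three values applied from the command line with reg.exe instead of a registry editor (an added example, not part of the original newsletter). It assumes reg.exe is available: it is built into Windows XP and is part of the Support Tools on Windows 2000.

    ```batch
    @echo off
    rem Added example, not from the original newsletter.
    setlocal
    set KEY=HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

    rem Show the current values first so the change can be reverted by hand.
    for %%v in (SynAttackProtect TcpMaxHalfOpen TcpMaxHalfOpenRetried) do (
        reg query "%KEY%" /v %%v 2>nul || echo %%v is not set ^(default applies^)
    )

    rem Values taken from the FAQ: 2, 100 and 80, all REG_DWORD.
    reg add "%KEY%" /v SynAttackProtect /t REG_DWORD /d 2 /f || goto :fail
    reg add "%KEY%" /v TcpMaxHalfOpen /t REG_DWORD /d 100 /f || goto :fail
    reg add "%KEY%" /v TcpMaxHalfOpenRetried /t REG_DWORD /d 80 /f || goto :fail

    echo Values written. Reboot the machine so the TCP/IP stack reads them.
    goto :eof

    :fail
    echo Could not write to %KEY% ^(administrator rights are required^).
    exit /b 1
    ```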

  • Q. Why do I receive an error when I attempt to run the Windows .NET Server (Win.NET Server) 2003 Administration Tools under Windows XP?
  • A. Win.NET Server includes several updated XP files, including dsprop.dll. The Administration Tools require the Win.NET Server version of this file because the base XP version doesn't contain necessary functions. XP Service Pack 1 (SP1) contains the Win.NET Server version of the file, so you must install XP SP1 before you attempt to install the Win.NET Server Administration Tools under XP. You can download the Administration Tools at http://download.microsoft.com/download/5/2/b/52bbe553-bae6-41e0-a82d-30d30145c1ee/rc2-adminpak.exe .

3. ANNOUNCEMENTS
(brought to you by Windows & .NET Magazine and its partners)

  • GIVE US YOUR FEEDBACK AND YOU COULD WIN A DIGITAL CAMERA
    Take our very brief, confidential survey on wireless technologies and you could win a digital camera. Click here!
    http://www.zoomerang.com/survey.zgi?C1YJGJE04CPQ440T7CF15M4V

  • GET THE NEW WINDOWS & .NET MAGAZINE NETWORK SUPER CD/VIP!
    Everyone can appreciate a bargain in today's economy. That's why we've introduced the Windows & .NET Magazine Super CD/VIP Web site. You get exclusive subscriber-only access to all our publications through our new VIP Web site. Plus, you get Super CDs delivered twice a year, and we'll even throw in a 1-year print subscription to the magazine! The Super CD/VIP is a $545 value for just $279. Subscribe today!
    http://www.winnetmag.com/rd.cfm?code=wvei272lup

4. CONTACT US
Here's how to reach us with your comments and questions:

(please mention the newsletter name in the subject line)

This weekly email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
http://www.winnetmag.com/sub.cfm?code=wswi201x1z

Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
http://www.winnetmag.net/email
