A recent scan identified the following vulnerability and I did not find any valid information associated with it.
Appreciate quick help on this.
"Microsoft Windows TCP Parameters, TCP/IP Hardening Guidelines"
The Threat and Solution section of this QID 90128 contains detailed information on hardening your TCP/IP stack.
From the QID:
You can harden the TCP/IP stack on a Windows 2000/2003 or Windows XP computer by customizing these registry values, which are stored in the registry key: HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\
EnablePMTUDiscovery: Determines whether path MTU discovery is enabled (1), in which case TCP attempts to discover the largest packet size over the path to a remote host. When path MTU discovery is disabled (0), the path MTU for all TCP connections will be fixed at 576 bytes.
DisableIPSourceRouting: Determines whether a computer allows clients to predetermine the route that packets take to their destination. When this value is set to 2, the computer will disable source routing for IP packets.
NoNameReleaseOnDemand: Determines whether the computer will release its NetBIOS name if requested by another computer or a malicious packet attempting to hijack the computer's NetBIOS name. This is configured under HKLM\System\CurrentControlSet\Services\Netbt\Parameters
PerformRouterDiscovery: Determines whether the computer performs router discovery on this interface. Router discovery solicits router information from the network and adds the information retrieved to the route table. Setting this value to 0 will prevent the interface from performing router discovery.
EnableDeadGWDetect: Determines whether the computer will attempt to detect dead gateways. When dead gateway detection is enabled (by setting this value to 1), TCP might ask IP to change to a backup gateway if a number of connections are experiencing difficulty. Backup gateways are defined in the TCP/IP configuration dialog box in the Network Control Panel for each adapter. When you leave this setting enabled, it's possible for an attacker to redirect the server to a gateway of his choosing.
EnableICMPRedirect: When ICMP redirects are disabled (by setting the value to 0), attackers cannot carry out attacks that require a host to redirect the ICMP-based attack to a third party.
SynAttackProtect: Enables SYN flood protection in Windows 2000 and Windows XP. You can set this value to 0, 1, or 2. The default setting 0 provides no protection. Setting the value to 1 will activate SYN/ACK protection contained in the TCPMaxPortsExhausted, TCPMaxHalfOpen, and TCPMaxHalfOpenRetried values. Setting the value to 2 will protect against SYN/ACK attacks by more aggressively timing out open and half-open connections. For Windows 2003, the recommended value is 1.
TCPMaxConnectResponseRetransmissions: Determines how many times TCP retransmits an unanswered SYN/ACK message. TCP retransmits acknowledgments until the number of retransmissions specified by this value is reached.
TCPMaxHalfOpen: Determines how many connections the server can maintain in the half-open state before TCP/IP initiates SYN flooding attack protection. This entry is used only when SYN flooding attack protection is enabled on this server, that is when the value of the SynAttackProtect entry is 1 or 2 and the value of the TCPMaxConnectResponseRetransmissions entry is at least 2.
TCPMaxHalfOpenRetried: Determines how many connections the server can maintain in the half open state even after a connection request has been retransmitted. If the number of connections exceeds the value of this entry, TCP/IP initiates SYN flooding attack protection. This entry is used only when SYN flooding attack protection is enabled on this server, that is when the value of the SynAttackProtect entry is 1 and the value of the TCPMaxConnectResponseRetransmissions entry is at least 2.
Refer to the Microsoft Security Topics document called How To: Harden the TCP/IP Stack for a detailed description of these parameters and other impacts these might have before deploying these settings.
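A read-only audit of the values listed above, as an added example that is not part of the original reply or of the QID text. It compares only the values the QID text gives a hardened setting for, and reports the rest as found. It assumes Windows PowerShell 2.0 or later on the host; the helper name `Get-RegValue` and the status labels are made up for this example.

```powershell
# Added example: read-only audit of the values the QID text describes.
$tcpip = 'HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters'
$netbt = 'HKLM:\System\CurrentControlSet\Services\Netbt\Parameters'

function Get-RegValue([string]$Path, [string]$Name) {
    # Hypothetical helper: returns $null when the key or value is absent
    # (in that case the OS default applies).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# Expected values: only those the QID text states explicitly.
$expected = @{
    DisableIPSourceRouting = @(2)
    PerformRouterDiscovery = @(0)
    EnableICMPRedirect     = @(0)
    SynAttackProtect       = @(1, 2)
}
$names = 'EnablePMTUDiscovery', 'DisableIPSourceRouting', 'PerformRouterDiscovery',
         'EnableDeadGWDetect', 'EnableICMPRedirect', 'SynAttackProtect',
         'TCPMaxConnectResponseRetransmissions', 'TCPMaxHalfOpen',
         'TCPMaxHalfOpenRetried', 'NoNameReleaseOnDemand'

$report = foreach ($name in $names) {
    $path = $tcpip
    if ($name -eq 'NoNameReleaseOnDemand') { $path = $netbt }
    $value = Get-RegValue $path $name
    if (-not $expected.ContainsKey($name)) {
        $status = 'reported only'      # the text gives no target value
    } elseif ($null -eq $value) {
        $status = 'NOT SET'
    } elseif ($expected[$name] -contains $value) {
        $status = 'ok'
    } else {
        $status = 'MISMATCH'
    }
    New-Object PSObject -Property @{ Name = $name; Value = $value; Status = $status }
}
$report | Select-Object Name, Value, Status | Format-Table -AutoSize

# TCPMaxHalfOpen is consulted only when SynAttackProtect is 1 or 2 and
# TCPMaxConnectResponseRetransmissions is at least 2.
$syn  = Get-RegValue $tcpip 'SynAttackProtect'
$retx = Get-RegValue $tcpip 'TCPMaxConnectResponseRetransmissions'
if (($null -eq $syn) -or ($null -eq $retx)) {
    'TCPMaxHalfOpen: cannot tell, a prerequisite value is not set explicitly'
} elseif ((@(1, 2) -contains $syn) -and ($retx -ge 2)) {
    'TCPMaxHalfOpen: in effect'
} else {
    'TCPMaxHalfOpen: configured but not in effect'
}
```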