Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: services.exe modifying synattackprotect?

From: Style War <stylewar () hotmail com>
Date: Fri, 10 Dec 2010 17:03:21 +0000

Likely normal. The article below states that when TcpMaxConnectResponseRetransmissions is at least 2, this registry 
item is used....http://technet.microsoft.com/en-us/library/cc781167(WS.10).aspx


Date: Thu, 9 Dec 2010 17:23:27 +0000
From: techlists () comcast net
CC: pen-test () securityfocus com
Subject: services.exe modifying synattackprotect?

Why would 'C:\Windows\system32\services.exe' be trying to change the following registry key?

\REGISTRY\MACHINE\SYSTEM\ControlSet\SERVICES\TCPIP\PARAMETERS\SYNATTACKPROTECT

Is this an indication of an attack or a normal part of the 'services.exe' process?

PG 

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


                                          
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: