Users experience delays in voice communications or in streaming video after you set the SynAttackProtect registry value in Windows 2000 (891632)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Advanced Server

SYMPTOMS

Users who connect to a server experience delays in voice communications or in streaming video. This symptom occurs when you configure a server for one of the following purposes:
  • Voice Over Internet Protocol (VoIP) communications
  • Streaming video
This symptom occurs if the following conditions are true:
  • The server is a Microsoft Windows 2000-based computer.
  • You previously set the SynAttackProtect registry value on this server to 2.
However, if you set the SynAttackProtect registry value to zero (0), users no longer experience these delays.

Note For more information about the SynAttackProtect registry value, see the "More Information" section.

CAUSE

This problem occurs because the SynAttackProtect registry value is set to 2. Because of this setting, the following events occur:
  1. A service requests the Type of Service (TOS) flag for an initial TCP connection.
  2. Windows does not set the TOS flag on the initial TCP connection.
For example, consider the following scenario:
  1. You use Server A for voice data or for streaming video.
  2. You set the TOS flag to Critical in the IP header of every TCP packet that is sent from Server A.
  3. A client computer sends a TCP SYN packet to Server A.
  4. Server A tries to set the TOS flag to Critical on the ACK-SYN reply packet.
  5. If the SynAttackProtect registry value is set to 2 on Server A, Server A incorrectly sets the TOS flag to Normal on the initial TCP ACK-SYN reply packet.

    Note In this scenario, Server A should set the TOS flag to Critical on this initial TCP ACK-SYN packet.
  6. Subsequent packets from Server A have the TOS flag set correctly to Critical.
In this scenario, if you have a congested network, users may experience delays in VOIP communications or in streaming video communications. This delay occurs because the TOS flag is incorrectly set on the initial TCP connection.

RESOLUTION

To resolve this problem, you must install security update 893066 on the computer.

Note Security update 893066 is described in security bulletin MS05-019. For more information about security bulletin MS05-019, click the following article number to view the article in the Microsoft Knowledge Base:

893066 MS05-019: Vulnerabilities in TCP/IP could allow remote code execution and denial of service

MORE INFORMATION

The SynAttackProtect registry value is located under the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

For more information about how to configure the SynAttackProtect registry value, see the Windows 2000 Security Hardening Guide. To obtain this guide, visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyID=15E83186-A2C8-4C8F-A9D0-A0201F639A56&DisplayLang=en

Modification Type:MajorLast Reviewed:7/17/2006
Keywords:kbtshoot KB891632 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.