Author Topic: Cablenut & AT&T 6 Mbps  (Read 4642 times)

Offline Curt

  • Junior Nut
  • **
  • Posts: 82
Cablenut & AT&T 6 Mbps
« on: August 23, 2010, 09:02:59 am »
I'm using the T3 settings w/ Windows XP in Cablenut with my AT&T high speed Internet service. The speed is 6 Mbps. Is this the best setting for me to use?

Offline mccoffee

  • Administrator Nut
  • Certifiable Nut
  • *****
  • Posts: 3938
Re: Cablenut & AT&T 6 Mbps
« Reply #1 on: August 23, 2010, 11:42:28 am »
I would use the OOL one or the 20mbs and above. Try them both and see what works better.

Offline Curt

Re: Cablenut & AT&T 6 Mbps
« Reply #2 on: December 07, 2010, 03:40:35 pm »
These are the Cablenut settings that are working best for me:

DefaultReceiveWindow = 921600
DefaultSendWindow = 102400
DisableAddressSharing = 1
InitialLargeBufferCount = 200
InitialMediumBufferCount = 480
InitialSmallBufferCount = 640
LargeBufferSize = 819200
MaxFastTransmit = 64000
MediumBufferSize = 150400
Priority Boost = 0
SmallBufferSize = 12800
TransmitWorker = 32
FastSendDatagramThreshhold = 1024
EnableFastRouteLookup = 1
EnablePMTUDiscovery = 1
IgnorePushBitsOnReceives = 0
GlobalMaxTcpWindowSize = 128480
MaxFreeTcbs = 8000
MaxHashTableSize = 16384
MaxNormLookupMemory = 5000000
SackOpts = 1
SynAttackProtect = 1
Tcp1323Opts = 1
TcpLogLevel = 1
TcpMaxDupAttacks = 3
TcpMaxHalfOpen = 100
TcpMaxHalfOpenRetired = 80
TcpRecvSegmentSize = 1460
TcpSendSegmentSize = 1460
TcpTimedWaitDelay = 30
TcpUseRFC1122UrgentPointer = 0
TcpWindowSize = 128480
MaxConnectionsPer1_0Server = 20
MaxConnectionsPerServer = 10
DefaultTimeToLive = 64
DefaultUserTOSSetting = 0
TcpMaxDataRetransmissions = 6
DefaultTOSValue = 240
« Last Edit: April 05, 2014, 12:35:38 pm by Curt »

Offline Curt

Re: Cablenut & AT&T 6 Mbps
« Reply #3 on: December 09, 2010, 12:03:02 pm »
I'm now using the default OOL 10000 1000.ccs file located in CABLENUT_UPDATE\WinXP_2K_CABLE and my downloads and web surfing seem to be faster than the above settings:

DefaultReceiveWindow = 921600
DefaultSendWindow = 102400
DisableAddressSharing = 1
InitialLargeBufferCount = 100
InitialMediumBufferCount = 240
InitialSmallBufferCount = 320
LargeBufferSize = 81920
MaxFastTransmit = 64000
MediumBufferSize = 15040
Priority Boost = 0
SmallBufferSize = 1280
TransmitWorker = 32
FastSendDatagramThreshhold = 1024
EnableFastRouteLookup = 1
EnablePMTUDiscovery = 1
IgnorePushBitsOnReceives = 0
GlobalMaxTcpWindowSize = 128480
MaxFreeTcbs = 8000
MaxHashTableSize = 16384
MaxNormLookupMemory = 5000000
SackOpts = 1
SynAttackProtect = 1
Tcp1323Opts = 1
TcpLogLevel = 1
TcpMaxDupAttacks = 3
TcpMaxHalfOpen = 100
TcpMaxHalfOpenRetired = 80
TcpRecvSegmentSize = 1460
TcpSendSegmentSize = 1460
TcpTimedWaitDelay = 30
TcpUseRFC1122UrgentPointer = 0
TcpWindowSize = 128480
MaxConnectionsPer1_0Server = 20
MaxConnectionsPerServer = 10
DefaultTimeToLive = 64
DefaultUserTOSSetting = 0
TcpMaxDataRetransmissions = 6
DefaultTOSValue = 92
« Last Edit: April 05, 2014, 12:36:09 pm by Curt »

Offline Curt

Re: Cablenut & AT&T 6 Mbps
« Reply #4 on: April 05, 2014, 12:34:22 pm »
After using the above settings in Cablenut all these years I have further experimented with increasing my DSL speed. My speed seemed like it got faster and less jerky after adding the "Protect Against SYN Attacks" tweaks below. After using Cablenut, manually add these settings in the registry:

Protect Against SYN Attacks

A SYN attack exploits a vulnerability in the TCP/IP connection establishment mechanism. To mount a SYN flood attack, an attacker uses a program to send a flood of TCP SYN requests to fill the pending connection queue on the server. This prevents other users from establishing network connections.

To protect the network against SYN attacks, follow these generalized steps, explained later in this document:

  • Enable SYN attack protection
  • Set SYN protection thresholds
  • Set additional protections

Enable SYN Attack Protection

The named value to enable SYN attack protection is located beneath the registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters.

Value name: SynAttackProtect
Recommended value: 2
Valid values: 0, 1, 2
Description: Causes TCP to adjust retransmission of SYN-ACKS. When you configure this value the connection responses timeout more quickly in the event of a SYN attack. A SYN attack is triggered when the values of TcpMaxHalfOpen or TcpMaxHalfOpenRetried are exceeded.

Set SYN Protection Thresholds

The following values determine the thresholds for which SYN protection is triggered. All of the keys and values in this section are under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are:

Value name: TcpMaxPortsExhausted
Recommended value: 5
Valid values: 0–65535
Description: Specifies the threshold of TCP connection requests that must be exceeded before SYN flood protection is triggered.

Value name: TcpMaxHalfOpen
Recommended value data: 500
Valid values: 100–65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state. When SynAttackProtect is exceeded, SYN flood protection is triggered.

Value name: TcpMaxHalfOpenRetried
Recommended value data: 400
Valid values: 80–65535
Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state for which at least one retransmission has been sent. When SynAttackProtect is exceeded, SYN flood protection is triggered.

Set Additional Protections

All the keys and values in this section are located under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are:

Value name: TcpMaxConnectResponseRetransmissions
Recommended value data: 2
Valid values: 0–255
Description: Controls how many times a SYN-ACK is retransmitted before canceling the attempt when responding to a SYN request.

Value name: TcpMaxDataRetransmissions
Recommended value data: 2
Valid values: 0–65535
Description: Specifies the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection.

Value name: EnablePMTUDiscovery
Recommended value data: 0
Valid values: 0, 1
Description: Setting this value to 1 (the default) forces TCP to discover the maximum transmission unit or largest packet size over the path to a remote host. An attacker can force packet fragmentation, which overworks the stack. Specifying 0 forces the MTU of 576 bytes for connections from hosts not on the local subnet.

Value name: KeepAliveTime
Recommended value data: 300000
Valid values: 80–4294967295
Description: Specifies how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet.

Set NetBIOS Protections

All the keys and values in this section are located under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt\Parameters. These keys and values are:

Value name: NoNameReleaseOnDemand
Recommended value data: 1
Valid values: 0, 1
Description: Specifies to not release the NetBIOS name of a computer when it receives a name-release request.

Use the values that are summarized in Table 1 for maximum protection.

Table 1 Recommended Values

Value Name                              Value (REG_DWORD)
SynAttackProtect                        2
TcpMaxPortsExhausted                    1
TcpMaxHalfOpen                          500
TcpMaxHalfOpenRetried                   400
TcpMaxConnectResponseRetransmissions    2
TcpMaxDataRetransmissions               2
EnablePMTUDiscovery                     0
KeepAliveTime                           300000 (5 minutes)
NoNameReleaseOnDemand                   1

Protect Against ICMP Attacks

The named value in this section is under the registry key HKLM\System\CurrentControlSet\Services\TcpIp\Parameters.

Value: EnableICMPRedirect
Recommended value data: 0
Valid values: 0 (disabled), 1 (enabled)
Description: Modifying this registry value to 0 prevents the creation of expensive host routes when an ICMP redirect packet is received.

Use the value summarized in Table 2 for maximum protection:

Table 2 Recommended Values

Value Name                              Value (REG_DWORD)
EnableICMPRedirect                      0

Protect Against SNMP Attacks

The named value in this section is located under the registry key HKLM\System\CurrentControlSet\Services\Tcpip\Parameters.

Value: EnableDeadGWDetect
Recommended value data: 0
Valid values: 0 (disabled), 1 (enabled)
Description: Prevents an attacker from forcing the switching to a secondary gateway.

Use the value summarized in Table 3 for maximum protection.

Table 3 Recommended Values

Value Name                              Value (REG_DWORD)
EnableDeadGWDetect                      0

AFD.SYS Protections

The following keys specify parameters for the kernel mode driver Afd.sys. Afd.sys is used to support Windows sockets applications. All of the keys and values in this section are located under the registry key HKLM\System\CurrentControlSet\Services\AFD\Parameters. These keys and values are:

Value: EnableDynamicBacklog
Recommended value data: 1
Valid values: 0 (disabled), 1 (enabled)
Description: Specifies AFD.SYS functionality to withstand large numbers of SYN_RCVD connections efficiently. For more information, see "Internet Server Unavailable Because of Malicious SYN Attacks," at http://support.microsoft.com/default.aspx?scid=kb;en-us;142641.

Value name: MinimumDynamicBacklog
Recommended value data: 20
Valid values: 0–4294967295
Description: Specifies the minimum number of free connections allowed on a listening endpoint. If the number of free connections drops below this value, a thread is queued to create additional free connections.

Value name: MaximumDynamicBacklog
Recommended value data: 20000
Valid values: 0–4294967295
Description: Specifies the maximum total amount of both free connections plus those in the SYN_RCVD state.

Value name: DynamicBacklogGrowthDelta
Recommended value data: 10
Valid values: 0–4294967295
Present by default: No
Description: Specifies the number of free connections to create when additional connections are necessary.

Use the values summarized in Table 4 for maximum protection.

Table 4 Recommended Values

Value Name                              Value (REG_DWORD)
EnableDynamicBacklog                    1
MinimumDynamicBacklog                   20
MaximumDynamicBacklog                   20000
DynamicBacklogGrowthDelta               10

Additional Protections

All of the keys and values in this section are located under the registry key HKLM\System\CurrentControlSet\Services\Tcpip\Parameters.

Protect Screened Network Details

Network Address Translation (NAT) is used to screen a network from incoming connections. An attacker can circumvent this screen to determine the network topology using IP source routing.

Value: DisableIPSourceRouting
Recommended value data: 1
Valid values: 0 (forward all packets), 1 (do not forward Source Routed packets), 2 (drop all incoming source routed packets).
Description: Disables IP source routing, which allows a sender to determine the route a datagram should take through the network.

Do Not Forward Packets Destined for Multiple Hosts

Multicast packets may be responded to by multiple hosts, resulting in responses that can flood a network.

Value: EnableMulticastForwarding
Recommended value data: 0
Valid range: 0 (false), 1 (true)
Description: The routing service uses this parameter to control whether or not IP multicasts are forwarded. This parameter is created by the Routing and Remote Access Service.

Only Firewalls Forward Packets Between Networks

A multi-homed server must not forward packets between the networks it is connected to. The obvious exception is the firewall.

Value: IPEnableRouter
Recommended value data: 0
Valid range: 0 (false), 1 (true)
Description: Setting this parameter to 1 (true) causes the system to route IP packets between the networks to which it is connected.

Mask Network Topology Details

The subnet mask of a host can be requested using ICMP packets. This disclosure of information by itself is harmless; however, the responses of multiple hosts can be used to build knowledge of the internal network.

Value: EnableAddrMaskReply
Recommended value data: 0
Valid range: 0 (false), 1 (true)
Description: This parameter controls whether the computer responds to an ICMP address mask request.

Use the values summarized in Table 5 for maximum protection.

Table 5 Recommended Values

Value Name                              Value (REG_DWORD)
DisableIPSourceRouting                  1
EnableMulticastForwarding               0
IPEnableRouter                          0
EnableAddrMaskReply                     0

Pitfalls

When testing the changes of these values, test against the network volumes you expect in production. These settings modify the thresholds of what is considered normal and are deviating from the tested defaults. Some may be too narrow to support clients reliably if the connection speed from clients varies greatly.
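
An added example, not part of the original post or of the guidance it quotes: a Python check that compares a Cablenut-style "Name = value" listing with the values in Tables 1 to 5 and reports values that differ, names that nearly match a recommended name, and recommended values that are absent. The function names are made up for this example, and the sample input is six lines copied from Reply #3.

```python
import difflib

# Recommended REG_DWORD values as listed in Tables 1-5 of the guidance quoted above.
# The tables span three keys (Tcpip, Netbt and AFD Parameters); flattened here by name.
RECOMMENDED = {
    "SynAttackProtect": 2, "TcpMaxPortsExhausted": 1, "TcpMaxHalfOpen": 500,
    "TcpMaxHalfOpenRetried": 400, "TcpMaxConnectResponseRetransmissions": 2,
    "TcpMaxDataRetransmissions": 2, "EnablePMTUDiscovery": 0, "KeepAliveTime": 300000,
    "NoNameReleaseOnDemand": 1, "EnableICMPRedirect": 0, "EnableDeadGWDetect": 0,
    "EnableDynamicBacklog": 1, "MinimumDynamicBacklog": 20, "MaximumDynamicBacklog": 20000,
    "DynamicBacklogGrowthDelta": 10, "DisableIPSourceRouting": 1,
    "EnableMulticastForwarding": 0, "IPEnableRouter": 0, "EnableAddrMaskReply": 0,
}

# Six lines copied from the "Name = value" listing in Reply #3 of this thread.
SAMPLE = """\
EnablePMTUDiscovery = 1
SynAttackProtect = 1
TcpMaxHalfOpen = 100
TcpMaxHalfOpenRetired = 80
TcpWindowSize = 128480
TcpMaxDataRetransmissions = 6
"""

def parse_settings(text):
    """Parse 'Name = value' lines into {name: int}, skipping anything else."""
    settings = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and value.strip().isdigit():
            settings[name.strip()] = int(value.strip())
    return settings

def audit(settings):
    """Return (differs, near_miss, missing) relative to RECOMMENDED."""
    canonical = {k.lower(): k for k in RECOMMENDED}  # value names are case-insensitive
    differs, near_miss, seen = {}, {}, set()
    for name, value in settings.items():
        key = canonical.get(name.lower())
        if key is None:
            # An unrecognised name that almost matches is worth a spelling check.
            close = difflib.get_close_matches(name, RECOMMENDED, n=1, cutoff=0.9)
            if close:
                near_miss[name] = close[0]
            continue
        seen.add(key)
        if value != RECOMMENDED[key]:
            differs[key] = (value, RECOMMENDED[key])
    return differs, near_miss, sorted(set(RECOMMENDED) - seen)

if __name__ == "__main__":
    for part in audit(parse_settings(SAMPLE)):
        print(part)
```

Each entry in `differs` is a `(listed, recommended)` pair; names outside the tables, such as `TcpWindowSize`, are ignored.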