
Explanation: When Windows NT attempts to make a socket connection, it sends out a SYN
packet to the remote computer, and waits for a reply. If no reply occurs within
the time out period (3 seconds by default), it then doubles the time out period,
and retries the connection attempt. There is an internal limit to the number
of sockets which Windows NT can maintain in this state, and once that limit is
exceeded, kernel CPU usage approaches 100%, and the system appears to hang. If
left alone, the system eventually recovers, but may have an extremely long
response time until it recovers. Microsoft has been advised of this problem, and
will hopefully correct it in a future service pack. This problem typically
occurs while scanning a network where ICMP traffic is filtered. If ICMP traffic
is not filtered, the host machine can reply to a connection attempt with either
a SYN-ACK (success), or an ICMP port unreachable. In either case, the
connection attempt can be resolved.
Fix: Open the Registry editor (either regedit.exe, or regedt32.exe), locate the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters key, and
insert the following values: TcpMaxConnectAttempts, with type REG_DWORD, and a
value of 3, and TcpMaxConnectRetransmission, with type REG_DWORD, and a value
of 3. You must restart your system before these changes will take effect. For
additional information regarding these parameters, please consult your Windows
NT Resource Kit.

Problem: No Windows vulnerabilities are found by the scanner.
Explanation: The scanner uses nbtstat.exe to read the NetBIOS name table on the scanned
host. If a NetBIOS name table is not found, the scanner will skip further
checks of Windows services unless the
Fix: Choose Edit, Template Properties, select the MS Windows tab, and enable Scan
Always.

Problem: The scanner terminates because the user is not a member of administrators.
Explanation: The scanner is capable of gathering a large amount of very sensitive
information, as well as gathering password files. For this reason, it is required
that the scanner be run by a user who is part of the administrators group.
Fix: Log in as an administrator level user.

Problem: The scanner terminates due to an incorrect version of Windows NT.
Explanation: The user interface requires items which were not available under Windows NT
3.5, and the scanner has not been tested under that version. Microsoft
released an alpha version of the Windows 95 interface for Windows NT 3.51 which is
known as the
Fix: Obtain a supported version of Windows NT. Windows NT 3.51 and 4.0 are
currently supported. The scanner will run under beta 2 of Windows NT 4.0, but may
display setup errors. It is strongly recommended that the scanner be run on
release versions of Windows NT.

Troubleshooting
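
For the first entry above (the SYN time-out explanation and its registry fix), the following added example, which is not part of the scanner's documentation, models how the doubling time-out keeps sockets waiting on filtered hosts and why a lower retransmission count reduces the number pending at once. The scan rate, scan duration and socket limit are constructed values, and the model assumes the count is the total number of SYNs sent, each waited out in full.

```python
from collections import deque

INITIAL_TIMEOUT = 3.0  # seconds; the default time-out period the text gives


def syn_hold_time(transmissions, initial_timeout=INITIAL_TIMEOUT):
    """Seconds one unanswered connect occupies a socket.

    The time-out starts at initial_timeout and doubles after every
    unanswered SYN (assumed: `transmissions` SYNs in total).
    """
    return sum(initial_timeout * 2 ** i for i in range(transmissions))


def peak_pending(rate, duration, transmissions):
    """Peak number of sockets waiting for a reply at the same moment.

    Simulates `duration` seconds of scanning in 1-second steps, opening
    `rate` connections per second to hosts that never answer (filtered).
    """
    hold = syn_hold_time(transmissions)
    pending = deque()  # expiry times, oldest first (hold time is constant)
    peak = 0
    for t in range(duration):
        while pending and pending[0] <= t:  # drop attempts that gave up
            pending.popleft()
        pending.extend([t + hold] * rate)
        peak = max(peak, len(pending))
    return peak


def max_transmissions_under(limit, rate, duration, ceiling=8):
    """Largest SYN count whose peak stays at or below `limit` (0 if none)."""
    best = 0
    for n in range(1, ceiling + 1):
        if peak_pending(rate, duration, n) <= limit:
            best = n
    return best


if __name__ == "__main__":
    # Constructed scenario: 20 connects per second for 120 seconds.
    for n in (3, 5):
        print(f"{n} SYNs: held {syn_hold_time(n):.0f}s each, "
              f"peak pending {peak_pending(20, 120, n)}")
    # 500 is a placeholder limit; the text does not state the real one.
    print("max SYN count under 500 pending:",
          max_transmissions_under(500, 20, 120))
```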