2.6.6. Global protection against socket hijacking

As explained earlier, to be protected against socket hijacking, applications must explicitly set the SO_EXCLUSIVEADDRUSE socket option before calling bind().

Thus, applications must be modified to be protected, which is typically not possible.

A registry value exists under the Parameters key of the Afd driver, to globally enable the protection, as if all applications specified the socket option:

Key: HKLM\SYSTEM\CurrentControlSet\Services\Afd\Parameters\
Value: DisableAddressSharing
Content: 1 (to enable protection)