[general] SP2 Tweak 2 get rid of TCP/IP limit


The beta testers noticed this (from what I was told) in the final stages of SP2. SP2 will limit the max number of TCP/IP connections that can be made to another computer via ONE port simultaneously to 10. Example: you can have 10 connections to 123.123.123.123 on port 234, but no more. Before this it was unlimited (well, it wasn't really unlimited, but I call 16.7 million unlimited). Their motivation? To stop (1) port scanning, (2) DoS attacks, and (3) (just a guess) to hurt P2P file sharing, and that's bad. Know why? Because who knows what else that will hurt (proxies, anyone?) and I don't like knowing there is a cap on my potential! How do you fix it?

Discussion about the issue can be found @ http://www.m$fn.org/board/index.php?showtopic=22640

Read instructions on HOW to apply the patch (below) @ http://www.m$fn.org/board/index.php?s...20entry162131

Download the patch so that you don't get the SP2 limit @ http://www.supportbuddy.com/sp2/tcpip.sys (NOTE: The TCPIP.sys file used was from XP SP2 RTM (build 2180))

The guide as to how the patch was created can be found @ http://www.lvllord.de/4226fix/4226fix-en.htm

EDIT: I don't know why those first two links aren't showing up right; go here ==> http://forums.pcper.com/showthread.php?t=342126 for the links in proper form (I posted this at another forum too, that's what this link is :D )

EDIT 2: I got the links working. I had to go read why they weren't showing up. I didn't even know yall hated each other. Anywho, it's obvious that you gotta replace the $ with an S.

Edited by nytmarezz

Get hold of a boot cd with Winternals or Bart's PE Builder or Hiren's Boot CD Ver6 and go to a restore point, once you boot from the cd, and see if this will solve the problem.

Sorry, this was meant for someone else. Wrong place, sorry!!!

i just used the patch which increases it to 50 from neowin from the following link

https://www.neowin.net/forum/index.php?showtopic=200828

is that OK? the link for the file i used is

https://www.neowin.net/forum/index.php?act=...st&id=584323888

Quote (Aug 9 2004, 23:37): weird...I haven't noticed any slowdown with torrents since Saturday, when I installed RTM. I think I'll wait until more details about this come to light.

same here. I have been using a recent post-SP2 build but neither bittorrent nor emule were slow.

just wondering, 1. why would a p2p application on one computer connect 10 times to another computer on the same port?! 2. why did u put those $ in the links?

Actually WindowsXP itself was limited to 10 connections. This was to keep someone from using WinXP as a server rather than buy Windows Server. You can overcome this by modifying the registry, but in most cases it is not necessary, as no one wants to use WinXP as a true server so doesn't need any more connections than this.

If you aren't comfortable editing the registry, try X-Teq's XSetup, very nice program with an intuitive interface.

I think the patch is a mistake. Many people who don't know what it actually does, and don't need it, will just apply the patch and will make things worse instead of improving them! Very few people need this patch. The average joe should not install this patch blindly.

I like the conspiracy theories about P2P though. The patch does not limit the connections to 10, it puts all >10 in a queue where they are still processed, but with a slight delay. The effect to anyone but a worm who opens bazillions connections a minute is not noticeable.

Also quite funny that people keep ranting that MS doesn't do enough for security, and when they finally do everyone goes OMG and reverses the whole thing. And in a week they will rant that MS doesn't do enough about security.

If you still feel that you need this patch, get the one that limits at 50, not the one that removes the limit completely!!

50 is still a reasonable limit, and might still hurt worms at least a bit, but is surely relaxed enough to not even affect the most connection happy guy on this planet ;) While unlimited is ... unlimited ;)

All I'm saying is don't apply the patch just because everyone seems to do. If you run into noticeable problems and are absolutely positively sure that SP2 makes whatever you do much slower then by all means go ahead and try it out. Don't get freaked out because 4622 appears in the event log, that alone is not a sign of anything becoming slower.

Hi,

To clarify, this restriction is for HALF OPEN TCP connections only, not the total number of TCP connections your PC can or will make.

A half open connection is one which has not yet completed the full TCP hand-shake sequence.

If an application has issues with limiting the rate at which connections can be made, then the authors need to take this into account in future releases.

In theory XP SP2 will cache the pending TCP connections until they have been completed, if your application needs 50 connections and there are 10 still pending, the other 40 will be cached and processed when the queue clears. This rate will depend on what your application is connecting to :)

Please don't think this limits the total number of TCP connections you can make, it just affects the RATE at which they can be processed.

It has no other effects on network shares or other forms of connections.

Unless you have an application which is seriously impacted by this limit, I would suggest this limit is not changed. If you have an application which is being affected, you need to send feedback to the author so that they can amend the software to make it SP2 compliant :)

Kind Regards

Simon
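A simplified model of the queueing behaviour described in the post above, added here as an illustration (not code from the thread or from Microsoft): at most 10 attempts are half-open at once and queued attempts start as slots free up. The 100 ms handshake, the 21 s timeout and the three workloads are assumptions chosen for the example.

```python
import heapq

def simulate(handshake_ms, limit=10):
    """Return the time (ms) at which each outbound attempt completes or fails.

    All attempts are requested at t=0 in list order. handshake_ms[i] is how long
    attempt i stays half-open: short for a reachable peer, the full SYN timeout
    for a dead address. At most `limit` attempts are half-open at once and the
    rest wait in FIFO order; limit=None models no cap.
    """
    half_open = []    # min-heap of finish times for attempts holding a slot
    finished_at = []
    now = 0
    for duration in handshake_ms:
        if limit is not None and len(half_open) >= limit:
            # Queue is full: wait for the earliest half-open attempt to resolve.
            now = max(now, heapq.heappop(half_open))
        done = now + duration
        heapq.heappush(half_open, done)
        finished_at.append(done)
    return finished_at

# Constructed workloads; both timing constants are assumptions for illustration.
HANDSHAKE_MS = 100    # reachable peer answers the SYN in 100 ms
TIMEOUT_MS = 21_000   # unreachable address: the attempt fails after 21 s

LIVE_PEERS = [HANDSHAKE_MS] * 50                        # client with 50 good peers
STALE_CACHE = [TIMEOUT_MS] * 10 + [HANDSHAKE_MS] * 40   # 10 dead hosts tried first
RANDOM_SCAN = [TIMEOUT_MS] * 1000                       # worm-like burst

def report():
    rows = []
    for name, load in (("live peers", LIVE_PEERS),
                       ("stale host cache", STALE_CACHE),
                       ("random-address burst", RANDOM_SCAN)):
        capped = simulate(load, limit=10)
        uncapped = simulate(load, limit=None)
        rows.append((name, len(capped), max(capped), max(uncapped)))
    return rows

if __name__ == "__main__":
    for name, count, capped_ms, uncapped_ms in report():
        print(f"{name:22} attempts={count:5} "
              f"last resolved: {capped_ms / 1000:8.1f}s capped, "
              f"{uncapped_ms / 1000:6.1f}s uncapped")
```

Every attempt is eventually made in all three cases; under these assumptions the cap costs reachable peers 0.4 s, while the burst to dead addresses stretches from 21 s to 35 minutes.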

It affects the rate.. yes! So it also affects filesharing clients.. If you prefer security above download speed, ok.. but I don't.. I just don't want the SP2 change, but the way it was in SP1, so unlimited and not only 10!

When you don't apply this patch.. you are not able to connect to servers like in Shareaza.. When you only have a few downloads in your list, then there is not really a problem, BUT when you are a heavy user and have many downloads, then 10 and even 50 concurrent connections is not enough.. I just don't want to see the EventID error at all.. because that means the capabilities of the application are getting hammered..

This is what Microsoft says:

Limited number of simultaneous incomplete outbound TCP connection attempts

Detailed description

The TCP/IP stack now limits the number of simultaneous incomplete outbound TCP connection attempts. After the limit has been reached, subsequent connection attempts are put in a queue and will be resolved at a fixed rate. Under normal operation, when applications are connecting to available hosts at valid IP addresses, no connection rate-limiting will occur. When it does occur, a new event, with ID 4226, appears in the system's event log.

Why is this change important? What threats does it help mitigate?

This change helps to limit the speed at which malicious programs, such as viruses and worms, spread to uninfected computers. Malicious programs often attempt to reach uninfected computers by opening simultaneous connections to random IP addresses. Most of these random addresses result in a failed connection, so a burst of such activity on a computer is a signal that it may have been infected by a malicious program.

What works differently?

This change may cause certain security tools, such as port scanners, to run more slowly.

How do I resolve these issues?

Stop the application that is responsible for the failing connection attempts.

Stop the application? Does Microsoft think we are stupid?

No, if you don't want to be restricted in any way, then this is for you.. If you don't care, just don't apply this patch.. it's as simple as that..

I modified the TCPIP.SYS.. just follow the instructions below, after that it's not 50 anymore, but unlimited!

* patched file attached *

This fix will make the number of concurrent TCP connect attempts UNLIMITED.

Instructions:

First of all, make sure you backup your old tcpip.sys first!

Restart your computer and press F8 shortly after the BIOS is done and start in safe mode.

Then we go into the directory C:\WINDOWS\SYSTEM32\DRIVERS and overwrite the existing TCPIP.SYS with our patched one and then repeat this with the directory C:\WINDOWS\SERVICEPACKFILES\I386 and, system dependent, eventually with C:\WINDOWS\SYSTEM32\DLLCACHE.

We did it! Now only reboot Windows and the normal surfing will work again!

The original fix was made by LvlLord, but that fix only increases the number of concurrent TCP connect attempts from 10 to 50 which is in some cases not sufficient.

http://www.lvllord.de/4226fix/4226fix-en.htm

Edited by FBtje

People just don't understand. Notice what it says dude. INCOMPLETE TCP connections. As stated numerous times before this will not hinder filesharing.

Besides this is not a discussion for the AutoPatcher forum and I hope a moderator will move or close this discussion.

Well I noticed that in shareaza I just cannot connect to the Gnutella1 servers..it will give various reasons but the common thing is that I just _won't_ be able to connect to Gnutella 1 network, I thought this patch may fix that..but apparently not. Is this issue related?

it can take a considerable amount of time before G1 gets connected.. just be patient ;)

at least make sure your host cache for Gnutella1 is not empty (menu -> View -> Host Cache).. if it's empty try to query some services by pressing F9, also deleting all services first will sometimes help..

People just don't understand. Notice what it says dude. INCOMPLETE TCP connections. As stated numerous times before this will not hinder filesharing.
I just don't like limits even if they are practical.
Besides this is not a discussion for the AutoPatcher forum and I hope a moderator will move or close this discussion.

I put it here in the autopatcher forum so that if Flish or Raptor want to include it as an optional tweak in Autopatcher (that would rock!) then at least they know about it. There are lots of other similar little tweaks in the full version of autopatcherxp.
