Author Topic: Remove Windows XP-SP3 TCP/IP Connections Limit?  (Read 55484 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Remove Windows XP-SP3 TCP/IP Connections Limit?
« on: August 23, 2009, 06:51:18 PM »
Hi malware fighters,

Removing the Windows XP-SP3 TCP/IP Connections Limit is that advisable?
Re: http://www.windowsreference.com/windows-xp/remove-windows-xp-sp3-tcpip-connections-limit/

I saw this message for this in the logs of Event Log Explorer:
Quote
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

The limit for XPHome is 5 and XPPro is 10. Could this message also indicate malicious connection attempts?
Who will shed some light on this issue?

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Remove Windows XP-SP3 TCP/IP Connections Limit?
« Reply #2 on: August 23, 2009, 08:14:29 PM »
Hi bob3160,

Thanks for the link,

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Remove Windows XP-SP3 TCP/IP Connections Limit?
« Reply #3 on: August 23, 2009, 09:49:29 PM »
Hope it helped. :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

hlecter

  • Guest
Re: Remove Windows XP-SP3 TCP/IP Connections Limit?
« Reply #4 on: August 27, 2009, 12:05:50 PM »

The limit for XPHome is 5 and XPPro is 10. Could this message also indicate malicious connection attempts?
Who will shed some light on this issue?

polonus
I have been offline for a time and found this thread.

Just to clarify:

Windows XP all SP's Home and Pro has no practical limit on the number of concurrent TCP/IP connections
for OUTBOUND connections at a given time.

The numbers 5 and 10 quoted is about simultanous INCOMING connections to a shared folder or a shared printer or
other used shared resources.

So the whole point here is that the maximum OUTBOUND CONNECTION ATTEMPTS in a time-frame of one
second is set to 10 in XP SP2 and XP SP3 home and pro. The rationale for this is to stop malware making new connections too fast and thereby reduce the speed of spreading. XP RTM and XP SP1 didn't have this constraint.

Think of a malware wanting to make 1000 connections outbound from your machine.
That will take at least 100 seconds with this new rule instead of 0.00... seconds.
But in this scenario after that time you could have 1000 outbound simultanous connections without problems.

And you would get the warning in Eventlog/System as you mention.

There is no registry setting for this '10 connection attempts per second' rule.

Some people therefore hack the tcpip.sys file which contains this limit and set it to e.g. 100 instead of 10.

The article at speedguide.net contains much info about hacking that file.

Polonus;
I think this answers your original question: Could this message also indicate malicious connection attempts?
Yes, if there is no other reason for a lot of connection attempts in a given time-frame and the message in Eventlog/System is recurring.

HL

Hard_ROCKER

  • Guest
Re: Remove Windows XP-SP3 TCP/IP Connections Limit?
« Reply #5 on: August 27, 2009, 12:15:06 PM »
Known problem for us torrent users. You can imagine how many connections are going in and out when downloading torrents. I've been patching this biatch since like forever it seems. ;D

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Remove Windows XP-SP3 TCP/IP Connections Limit?
« Reply #6 on: August 27, 2009, 03:12:26 PM »
How does this work on Vista?
The best things in life are free.

Hard_ROCKER

  • Guest
Re: Remove Windows XP-SP3 TCP/IP Connections Limit?
« Reply #7 on: August 27, 2009, 03:22:06 PM »
Tech to put your mind at ease, MS has removed this limit if you have Service Pack 2 installed. Also Win 7 does not have this limit... Cheers mate ! ;)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Remove Windows XP-SP3 TCP/IP Connections Limit?
« Reply #8 on: August 27, 2009, 03:28:24 PM »
Tech to put your mind at ease, MS has removed this limit if you have Service Pack 2 installed. Also Win 7 does not have this limit... Cheers mate ! ;)
Seems that Vista don't have that limit also... Thanks.
The best things in life are free.

Hard_ROCKER

  • Guest
Re: Remove Windows XP-SP3 TCP/IP Connections Limit?
« Reply #9 on: August 27, 2009, 03:34:49 PM »
Like i said the limit was removed with Vista Service Pack 2. :)

satyr

  • Guest
Re: Remove Windows XP-SP3 TCP/IP Connections Limit?
« Reply #10 on: August 28, 2009, 11:08:16 PM »
Just to clarify:

Windows XP all SP's Home and Pro has no practical limit on the number of concurrent TCP/IP connections for OUTBOUND connections at a given time.

The numbers 5 and 10 quoted is about simultanous INCOMING connections to a shared folder or a shared printer or other used shared resources.

Yeah, it's not 10 concurrent connections, but 10 half-open concurrent connections or in other words connection attempts.

Think of a malware wanting to make 1000 connections outbound from your machine.
That will take at least 100 seconds with this new rule instead of 0.00... seconds.
But in this scenario after that time you could have 1000 outbound simultanous connections without problems.

Though it surely is a security measure, it's somewhat pointless. I mean, if there is a worm exploiting a vulnerability in a given environment, I is limited to only infect 10 machines at a time? But then it'll infect 10, and then 10, etc...

If you are interested, see the debate in "On patching the Win XP SP2's "tcpip.sys" driver ..." thread that I opened on forum on Ars Technica.

Known problem for us torrent users. You can imagine how many connections are going in and out when downloading torrents. I've been patching this biatch since like forever it seems. ;D

I use a p2p program Soulseek and I was too getting these warnings (Event ID: 4226) in the Event Viewer all the time, therefore, same as you, I manually patched (for others, see this post of mine that explains how to do it) the "tcpip.sys" driver. Also, there is xp-AntiSpy program that does it four you!!
« Last Edit: August 28, 2009, 11:40:32 PM by satyr »