Author Topic: Remove Windows XP-SP3 TCP/IP Connections Limit?  (Read 36409 times)

Offline polonus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 20172
  • Gender: Male
  • malware fighter
Remove Windows XP-SP3 TCP/IP Connections Limit?
« on: August 23, 2009, 04:51:18 PM »
Hi malware fighters,

Removing the Windows XP-SP3 TCP/IP Connections Limit: is that advisable?
Re: http://www.windowsreference.com/windows-xp/remove-windows-xp-sp3-tcpip-connections-limit/

I saw this message for this in the logs of Event Log Explorer:
Quote
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

The limit for XPHome is 5 and XPPro is 10. Could this message also indicate malicious connection attempts?
Who will shed some light on this issue?

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 23993
  • Gender: Male
  • 53 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Free avast! Security Seminar: http://www.authorstream.com/Presentation/bob3160-1425909-protecting-yourself/    -  Important: http://www.organdonor.gov/
My Blog: http://bob3160.blogspot.com/ - Win 8.1 Pro 64bit, 4 Gig Ram, avast!2014.9.0.2015 Free, MBAM, WinPatrol -- How to Successfully Install avast! http://goo.gl/VLXde
                     - It's nice to be Important. - It's more important to be Nice. -

Offline polonus

Re: Remove Windows XP-SP3 TCP/IP Connections Limit?
« Reply #2 on: August 23, 2009, 06:14:29 PM »
Hi bob3160,

Thanks for the link,

pol

Offline bob3160

Re: Remove Windows XP-SP3 TCP/IP Connections Limit?
« Reply #3 on: August 23, 2009, 07:49:29 PM »
Hope it helped. :)

Offline curious!

  • avast! Evangelist
  • Poster
  • ***
  • Posts: 531
  • Gender: Male
Re: Remove Windows XP-SP3 TCP/IP Connections Limit?
« Reply #4 on: August 27, 2009, 10:05:50 AM »

Quote
The limit for XPHome is 5 and XPPro is 10. Could this message also indicate malicious connection attempts?
Who will shed some light on this issue?
polonus

I have been offline for a time and found this thread.

Just to clarify:

Windows XP (all SPs, Home and Pro) has no practical limit on the number of concurrent TCP/IP connections for OUTBOUND connections at a given time.

The numbers 5 and 10 quoted are about simultaneous INCOMING connections to a shared folder, a shared printer or other used shared resources.

So the whole point here is that the maximum OUTBOUND CONNECTION ATTEMPTS in a time-frame of one
second is set to 10 in XP SP2 and XP SP3 home and pro. The rationale for this is to stop malware making new connections too fast and thereby reduce the speed of spreading. XP RTM and XP SP1 didn't have this constraint.

Think of a malware wanting to make 1000 connections outbound from your machine.
That will take at least 100 seconds with this new rule instead of 0.00... seconds.
But in this scenario after that time you could have 1000 outbound simultaneous connections without problems.

And you would get the warning in Eventlog/System as you mention.

There is no registry setting for this '10 connection attempts per second' rule.

Some people therefore hack the tcpip.sys file which contains this limit and set it to e.g. 100 instead of 10.

The article at speedguide.net contains much info about hacking that file.

Polonus;
I think this answers your original question: Could this message also indicate malicious connection attempts?
Yes, if there is no other reason for a lot of connection attempts in a given time-frame and the message in Eventlog/System is recurring.

HL

Offline Darth.Mikey

  • Super Poster
  • ***
  • Posts: 1586
  • You are unwise to lower your defenses!
Re: Remove Windows XP-SP3 TCP/IP Connections Limit?
« Reply #5 on: August 27, 2009, 10:15:06 AM »
Known problem for us torrent users. You can imagine how many connections are going in and out when downloading torrents. I've been patching this biatch since like forever it seems. ;D

Online Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64891
  • Gender: Male
Re: Remove Windows XP-SP3 TCP/IP Connections Limit?
« Reply #6 on: August 27, 2009, 01:12:26 PM »
How does this work on Vista?
The best things in life are free.

Offline Darth.Mikey

Re: Remove Windows XP-SP3 TCP/IP Connections Limit?
« Reply #7 on: August 27, 2009, 01:22:06 PM »
Tech, to put your mind at ease, MS has removed this limit if you have Service Pack 2 installed. Also Win 7 does not have this limit... Cheers mate! ;)

Online Tech

Re: Remove Windows XP-SP3 TCP/IP Connections Limit?
« Reply #8 on: August 27, 2009, 01:28:24 PM »
Quote
Tech, to put your mind at ease, MS has removed this limit if you have Service Pack 2 installed. Also Win 7 does not have this limit... Cheers mate! ;)

Seems that Vista doesn't have that limit either... Thanks.

Offline Darth.Mikey

Re: Remove Windows XP-SP3 TCP/IP Connections Limit?
« Reply #9 on: August 27, 2009, 01:34:49 PM »
Like I said, the limit was removed with Vista Service Pack 2. :)

Offline satyr

  • Jr. Member
  • **
  • Posts: 31
  • Gender: Male
  • an ex-architecture student
    • Tadej's computing homepage
Re: Remove Windows XP-SP3 TCP/IP Connections Limit?
« Reply #10 on: August 28, 2009, 09:08:16 PM »
Quote
Just to clarify:
Windows XP (all SPs, Home and Pro) has no practical limit on the number of concurrent TCP/IP connections for OUTBOUND connections at a given time.
The numbers 5 and 10 quoted are about simultaneous INCOMING connections to a shared folder, a shared printer or other used shared resources.

Yeah, it's not 10 concurrent connections, but 10 half-open concurrent connections or in other words connection attempts.

Quote
Think of a malware wanting to make 1000 connections outbound from your machine.
That will take at least 100 seconds with this new rule instead of 0.00... seconds.
But in this scenario after that time you could have 1000 outbound simultaneous connections without problems.

Though it surely is a security measure, it's somewhat pointless. I mean, if there is a worm exploiting a vulnerability in a given environment, it is limited to only infect 10 machines at a time? But then it'll infect 10, and then 10, etc...

If you are interested, see the debate in "On patching the Win XP SP2's "tcpip.sys" driver ..." thread that I opened on forum on Ars Technica.

Quote
Known problem for us torrent users. You can imagine how many connections are going in and out when downloading torrents. I've been patching this biatch since like forever it seems. ;D

I use a p2p program, Soulseek, and I too was getting these warnings (Event ID: 4226) in the Event Viewer all the time; therefore, same as you, I manually patched the "tcpip.sys" driver (for others, see this post of mine that explains how to do it). Also, there is the xp-AntiSpy program that does it for you!!
« Last Edit: August 28, 2009, 09:40:32 PM by satyr »
Hey everybody, if you are interested, please check out my personal website: http://tadej-ivan.50webs.com/ and enjoy in my computing articles, discoveries, principles, rules, tips etc.
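
Added example (not part of the thread or written by any poster): a way to check whether the Event ID 4226 warning discussed above is recurring in a System log export, which is the condition given in Reply #4 for treating it as a possible sign of malicious connection attempts. The CSV column layout, the sample rows, and the `max_gap` and `threshold` values are assumptions made for this example.

```python
import csv
import io
from datetime import datetime, timedelta

EVENT_ID = "4226"   # Event ID quoted in the thread
SOURCE = "Tcpip"    # source that writes this warning to the System log
MSG = ("TCP/IP has reached the security limit imposed on the number of "
       "concurrent TCP connect attempts.")

# Constructed sample: a CSV export of the System log (column layout assumed).
SAMPLE_EXPORT = "TimeGenerated,Source,EventID,Message\n" + "\n".join([
    "2009-08-23 09:15:00,Service Control Manager,7036,Service state change",
    f"2009-08-23 16:40:02,Tcpip,4226,{MSG}",
    f"2009-08-23 16:47:30,Tcpip,4226,{MSG}",
    f"2009-08-23 16:51:18,Tcpip,4226,{MSG}",
    f"2009-08-23 16:58:44,Tcpip,4226,{MSG}",
    f"2009-08-24 11:02:10,Tcpip,4226,{MSG}",   # isolated occurrence
])


def parse_4226(export_text):
    """Return the sorted timestamps of Tcpip/4226 records in the export."""
    hits = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["Source"] == SOURCE and row["EventID"].strip() == EVENT_ID:
            hits.append(datetime.strptime(row["TimeGenerated"],
                                          "%Y-%m-%d %H:%M:%S"))
    return sorted(hits)


# max_gap and threshold are assumed tuning values, not figures from the thread.
def recurring_bursts(timestamps, max_gap=timedelta(minutes=15), threshold=3):
    """Group events separated by <= max_gap; keep groups of >= threshold."""
    bursts, current = [], []
    for ts in timestamps:
        if current and ts - current[-1] > max_gap:
            if len(current) >= threshold:
                bursts.append((current[0], current[-1], len(current)))
            current = []
        current.append(ts)
    if len(current) >= threshold:
        bursts.append((current[0], current[-1], len(current)))
    return bursts


if __name__ == "__main__":
    for first, last, count in recurring_bursts(parse_4226(SAMPLE_EXPORT)):
        print(f"{count} x Event {EVENT_ID} between {first} and {last}")
```

A reported burst still has to be compared with what was running at the time, such as the p2p clients mentioned in the thread, before it is treated as suspicious.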

 
