XPSP2 will limit your max. connections/sec

[Aaron.Walkhouse]

For those of you who apparently didn't know:

All P2P apps open and close a lot of connections concurrently, especially as they begin to hook up to their respective networks. Due to the inherently unpredictable nature of the networks many, if not most, of these connections will fail because the users have turned off the software or the IP addresses have changed.

As it works now this currently buggy beta security measure invariably interferes with legitimate P2P applications but this problem will be worked out so that both can coexist. For example, digitally signed software on a trusted root may be given a pass, but that check has yet to be built in because the throttle is still unfinished.

So: Don't panic just yet. ;]

Aaron.Walkhouse

www.bearshare.net

P.S: P2P is just as legal as a VCR and will stay that way.

I, for one, find plenty of legal things to share and download with ease.

[rogerlb]

this worked for me

http://www.lvllord.de/4226fix/4226fix-en.htm

After the "EventID 4226: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts" drove me almost crazy, I used the day to create a fix for this "feature" (we can discuss about).

Unfortunately there exists no REG-key which could easily be set (would be to nice, right? *smile*). The file TCPIP.SYS in the directory C:\WINDOWS\SYSTEM32\DRIVERS and C:\WINDOWS\SERVICEPACKFILES\I386 has to be changed (system dependend eventually in C:\WINDOWS\SYSTEM32\DLLCACHE, too).

Needed things:

- XP SP2 RC1/RC2/RC2-2 (Build 2096/2149/2162)

- patcher

- a small amount of time

What is been done:

To say it easy: the before 10 half-open connections are beeing increased to 16,7 mio and the CRC is been corrected. And that's it!

Comment:

The method described here, should only be used by users, who know how to handle all the described. With the download of the here published program the user know, that changes are made on third party files. For damages in every kind I cannot be hold responsible for. Indeed, tests with build 2149 and 2162 worked fine here (build 2096 I couldn't test because of missing servicepack). However, nothing is impossible.

Info: When error occurs, the patcher can change the TCPIP.SYS back to the original!

Instruction:

Copy the TCPIP.SYS from C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS to a new, clean directory (e.g C:\FIX) and copy the patcher to the same. Execute the patcher. It will automatically find out the build of your TCPIP.SYS and if it's already patched and ask, if it should patch/undo it.

Now restart your computer an press F8 short after the Bios is done and start in securemode (don't know the right translation!).

Then we go into the directory C:\WINDOWS\SYSTEM32\DRIVERS and overwrite the existing TCPIP.SYS with our patched one and the repeat this with the directory C:\WINDOWS\SERVICEPACKFILES\I386 and system dependend eventually with C:\WINDOWS\SYSTEM32\DLLCACHE.

[ateizzynuff]

:pinch: ouch! ...another patch we can't apply to .2179 version files :crazy:

Our hex values @ offset 130 -> 1F E6 05 00

...values @ 4F322 are the same as .2180

[dL]

So is there a fix? If so, how?

dL

[ring0]

my emule plus has been working flawlessly for the past 36hrs. y'all be trippin.

[KzR]

People have been bugging Microsoft for improved security and now they are complaining that it sucks... :whistle:

[-=SD=-]

I do see the entry in event viewer but I never had a problem with anything not working. :unsure:

[todd]

theres no reason they should worry about it, the only time you have a large number of connections is on P2P , which isnt legal , therefore they arent going to trouble themselfs to let you download porn... i dont blame them,

Have you thought about any legal reasons? How about querying 20,000 game servers quickly? You need to in order to get a list of game servers in your server browser.

[kaffra]

is it in sp2 rtm?

[thop]

People don't get it. This is a good thing. It doesn't affect P2P or anything at all.

It only affects connections that will never happen because the host is unreachable (=dead) so there would be no connection in the first place anyway. It just limits the attempts per second to try and reach those dead hosts again. If anything it will make your connection faster because less bandwith is being wasted on waiting on responses and resending of connection requests from/to unreachable networks.

If you change the value you're connection might actually get slower because it gets satured with useless connection requests.

For once MS did a really good thing and all the kids are crying like if someone stole their sweets.

Edited August 8, 2004 by thop

[NetRyder]

For once MS did a really good thing and all the kids are crying like if someone stole their sweets.

LOL, it's not the first time. :rofl:

[bkellner]

i've noticed no decrease in performance on bittorrent..

[abrooks]

Sorry if this was posted before but this thread is a real mess! Anyway found this site http://www.lvllord.de/ seems to have a patch that can do the job for us all has anyone tried it too success?

[Maxious]

It only affects connections that will never happen because the host is unreachable (=dead) so there would be no connection in the first place anyway. It just limits the attempts per second to try and reach those dead hosts again. If anything it will make your connection faster because less bandwith is being wasted on waiting on responses and resending of connection requests from/to unreachable networks.

i totally understand where you're coming from here but i think microsoft managed to stuff that one up aswell. do me a favour, look at your current netstat. the oh so stereotypical microsoft winsock api has exactly what we've come to expect.

out of my netstat output 2 connections were useful (msn messenger and the connection im using to load the images on this page) 8 connections were dead but not properly closed . if i understand this correctly sp2 would therefore deduce that i can use a whole 2 more connections on dead hosts.

if i had to choose between network saturation and rapid network scanning (like in non udp game server finders) i think i like the rapid network scanning :D

[yodat]

Is there a way other than the lvllord's patch that we can manually edit the tcpip.sys file ? (btw: the patch works with RTM 2180; at least xp boots up normally with patched tcpip.sys but could not test it with a p2p)

I mean how can i edit tcpip.sys file myself ?

Also what's the original value in SP1's tcpip.sys ? (i want to implement this value to the SP2's tcpip.sys file)

[eversor]

There are manual instructions on the same page:

http://mitglied.lycos.de/lvllord

[yodat]

There are manual instructions on the same page:

http://mitglied.lycos.de/lvllord

Those manual instructions does NOT say how can i edit it manually...

I can use a Hex Editor to edit (i assume) but don't know where to start...

[Maxious]

for those who want to test it out, lvllord has a batch file on that site

@echo off
for /l %%a in (1,1,20) DO start telnet 192.168.0.254

where 192.168.0.254 is an ip in your subnet that doesn't have a computer attached to it. then you can look for the EventID 4226 :D

[Large]

I see nothing worng with this at all, good security change !!

Agreed, if it will prevent or slow down the spread of viruses then surely its a good thing !

[yodat]

Agreed, if it will prevent or slow down the spread of viruses then surely its a good thing !

although the intension is good; the way how it's implelemented and give NO option to disable or enable such an important variable is BAD

[vcv]

Oh my god. I just read this whole thread, and I am absolutely sickened that people aren't even reading previous replies, and information posted right within this very thread to counter some claims made. It makes me want to cry.

[Bearded Kirklander]

Oh my god. I just read this whole thread, and I am absolutely sickened that people aren't even reading previous replies, and information posted right within this very thread to counter some claims made. It makes me want to cry.

I feel your pain, but reading 10 pages is just not something some folks have the patience for. Sorry.

Bottom line is that as long as you can turn stuff like this off, the world will still be ok for most of us. :)

[ateizzynuff]

Those manual instructions does NOT say how can i edit it manually...

I can use a Hex Editor to edit (i assume) but don't know where to start...

If you can use a hex editor (don't assume too much), that page gives you the values (& their offset position) to edit - but only specifically for versions; 2096, 2149, 2162 & 2180.

[laz45]

I have SP2 2180 RTM and E-Mule Works great, BT works great too.

[Bearded Kirklander]

In further reading, it almost sounds like this "feature" is misunderstood. I don't think it is designed to screw you up and goof on your peer to peer, but is really just supposed to help protect your system.

Anyone else get that read from the data out there?

Thanks,

BK