Can i increase my max half open connections in X64 SP2?

Discussion in 'Windows 64bit' started by =?Utf-8?B?bG9zdHdvcmQ=?=, Mar 16, 2007.

  1. As with yet another version of TCPIP.SYS that got released from Microsoft, my
    max open connection are limited again, and the well known patch wont work on
    it.

    I know that this method is to keep novice users from unknowingly spread
    worms, but why people who know what they are doing should be limited without
    the option to change the settings?

    Is there any way to increase my max connections?

    Thanks.
     
    =?Utf-8?B?bG9zdHdvcmQ=?=, Mar 16, 2007
    #1
    1. Advertising

  2. Lostworld:
    I regret to say that LvlLord
    (http://www.lvllord.de/?lang=en&url=news&PHPSESSID=10b1cfc2015dde37f49db76073ef9a01),
    the creator of the TCPIP.SYS patch is showing no "life" signs as of June 2006.
    How do we make him wake up?
    This "disease" also plagues Windows Vista.
    Carlos

    "lostword" wrote:

    > As with yet another version of TCPIP.SYS that got released from Microsoft, my
    > max open connection are limited again, and the well known patch wont work on
    > it.
    >
    > I know that this method is to keep novice users from unknowingly spread
    > worms, but why people who know what they are doing should be limited without
    > the option to change the settings?
    >
    > Is there any way to increase my max connections?
    >
    > Thanks.
     
    =?Utf-8?B?Q2FybG9z?=, Mar 17, 2007
    #2
    1. Advertising

  3. You can increase the number of connections by moving to a Server operating
    system. Windows 2003 Small Business Server allows 74 simultaneous
    connections and any full Server version of Windows allows unlimited
    connections.
    --
    Cari (MS-MVP)
    Windows Technologies - Printing & Imaging
    http://www.coribright.com/windows

    "lostword" <> wrote in message
    news:...
    > As with yet another version of TCPIP.SYS that got released from Microsoft,
    > my
    > max open connection are limited again, and the well known patch wont work
    > on
    > it.
    >
    > I know that this method is to keep novice users from unknowingly spread
    > worms, but why people who know what they are doing should be limited
    > without
    > the option to change the settings?
    >
    > Is there any way to increase my max connections?
    >
    > Thanks.
     
    Cari \(MS-MVP\), Mar 17, 2007
    #3
  4. =?Utf-8?B?bG9zdHdvcmQ=?=

    Jane C Guest

    The tcpip.sys limitation has nothing to do with the number of physical
    connections allowed to a particular OS. It refers to the number of
    half-open connections, ie ones that can't complete, most often caused by a
    badly-written application. Any pc can have hundreds of tcpip connections at
    the same time, as long as they aren't half-open. The limit in XP used to be
    50 half-open connections, but was reduced to 10 to limit the spread of
    worms/blaster/sasser etc.

    It is *not* the same as the 5 or 10 limit physical connection to the OS as
    defined in the EULA.

    XP SP2 introduced the 10 half-open limit in tcpip.sys:
    http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk.mspx

    Restricted traffic over raw sockets
    Detailed description

    A very small number of Windows applications make use of raw IP sockets,
    which provide an industry-standard way for applications to create TCP/IP
    packets with fewer integrity and security checks by the TCP/IP stack. The
    Windows implementation of TCP/IP still supports receiving traffic on raw IP
    sockets. However, the ability to send traffic over raw sockets has been
    restricted in two ways:

    • TCP data cannot be sent over raw sockets.

    • UDP datagrams with invalid source addresses cannot be sent over raw
    sockets. The IP source address for any outgoing UDP datagram must exist on a
    network interface or the datagram is dropped.


    Why is this change important? What threats does it help mitigate?

    This change limits the ability of malicious code to create distributed
    denial-of-service attacks and limits the ability to send spoofed packets,
    which are TCP/IP packets with a forged source IP address.

    Limited number of simultaneous incomplete outbound TCP connection attempts
    Detailed description

    The TCP/IP stack now limits the number of simultaneous incomplete outbound
    TCP connection attempts. After the limit has been reached, subsequent
    connection attempts are put in a queue and will be resolved at a fixed rate.
    Under normal operation, when applications are connecting to available hosts
    at valid IP addresses, no connection rate-limiting will occur. When it does
    occur, a new event, with ID 4226, appears in the system’s event log.

    Why is this change important? What threats does it help mitigate?

    This change helps to limit the speed at which malicious programs, such as
    viruses and worms, spread to uninfected computers. Malicious programs often
    attempt to reach uninfected computers by opening simultaneous connections to
    random IP addresses. Most of these random addresses result in a failed
    connection, so a burst of such activity on a computer is a signal that it
    may have been infected by a malicious program.

    What works differently?

    This change may cause certain security tools, such as port scanners, to run
    more slowly.

    How do I resolve these issues?

    Stop the application that is responsible for the failing connection
    attempts.


    --
    Jane, not plain ;) 64 bit enabled :)
    Batteries not included. Braincell on vacation ;-)
    "Cari (MS-MVP)" <> wrote in message
    news:...
    > You can increase the number of connections by moving to a Server operating
    > system. Windows 2003 Small Business Server allows 74 simultaneous
    > connections and any full Server version of Windows allows unlimited
    > connections.
    > --
    > Cari (MS-MVP)
    > Windows Technologies - Printing & Imaging
    > http://www.coribright.com/windows
    >
    > "lostword" <> wrote in message
    > news:...
    >> As with yet another version of TCPIP.SYS that got released from
    >> Microsoft, my
    >> max open connection are limited again, and the well known patch wont work
    >> on
    >> it.
    >>
    >> I know that this method is to keep novice users from unknowingly spread
    >> worms, but why people who know what they are doing should be limited
    >> without
    >> the option to change the settings?
    >>
    >> Is there any way to increase my max connections?
    >>
    >> Thanks.

    >
     
    Jane C, Mar 17, 2007
    #4
  5. Jane C:
    Thanks for your super clear explanation.
    The most common cause for this requests (expand tcpip max half connections
    limits) comes from the use of certain "file sharing" programs like e-mule,
    e-donkey or others of the like.
    They cause the event id 4226 error instantly.
    Like you said, if you close the program, the problem is gone.
    Internet browsing is a pain in the butt when reaching that limit.
    Carlos

    "Jane C" wrote:

    > The tcpip.sys limitation has nothing to do with the number of physical
    > connections allowed to a particular OS. It refers to the number of
    > half-open connections, ie ones that can't complete, most often caused by a
    > badly-written application. Any pc can have hundreds of tcpip connections at
    > the same time, as long as they aren't half-open. The limit in XP used to be
    > 50 half-open connections, but was reduced to 10 to limit the spread of
    > worms/blaster/sasser etc.
    >
    > It is *not* the same as the 5 or 10 limit physical connection to the OS as
    > defined in the EULA.
    >
    > XP SP2 introduced the 10 half-open limit in tcpip.sys:
    > http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk.mspx
    >
    > Restricted traffic over raw sockets
    > Detailed description
    >
    > A very small number of Windows applications make use of raw IP sockets,
    > which provide an industry-standard way for applications to create TCP/IP
    > packets with fewer integrity and security checks by the TCP/IP stack. The
    > Windows implementation of TCP/IP still supports receiving traffic on raw IP
    > sockets. However, the ability to send traffic over raw sockets has been
    > restricted in two ways:
    >
    > • TCP data cannot be sent over raw sockets.
    >
    > • UDP datagrams with invalid source addresses cannot be sent over raw
    > sockets. The IP source address for any outgoing UDP datagram must exist on a
    > network interface or the datagram is dropped.
    >
    >
    > Why is this change important? What threats does it help mitigate?
    >
    > This change limits the ability of malicious code to create distributed
    > denial-of-service attacks and limits the ability to send spoofed packets,
    > which are TCP/IP packets with a forged source IP address.
    >
    > Limited number of simultaneous incomplete outbound TCP connection attempts
    > Detailed description
    >
    > The TCP/IP stack now limits the number of simultaneous incomplete outbound
    > TCP connection attempts. After the limit has been reached, subsequent
    > connection attempts are put in a queue and will be resolved at a fixed rate.
    > Under normal operation, when applications are connecting to available hosts
    > at valid IP addresses, no connection rate-limiting will occur. When it does
    > occur, a new event, with ID 4226, appears in the system’s event log.
    >
    > Why is this change important? What threats does it help mitigate?
    >
    > This change helps to limit the speed at which malicious programs, such as
    > viruses and worms, spread to uninfected computers. Malicious programs often
    > attempt to reach uninfected computers by opening simultaneous connections to
    > random IP addresses. Most of these random addresses result in a failed
    > connection, so a burst of such activity on a computer is a signal that it
    > may have been infected by a malicious program.
    >
    > What works differently?
    >
    > This change may cause certain security tools, such as port scanners, to run
    > more slowly.
    >
    > How do I resolve these issues?
    >
    > Stop the application that is responsible for the failing connection
    > attempts.
    >
    >
    > --
    > Jane, not plain ;) 64 bit enabled :)
    > Batteries not included. Braincell on vacation ;-)
    > "Cari (MS-MVP)" <> wrote in message
    > news:...
    > > You can increase the number of connections by moving to a Server operating
    > > system. Windows 2003 Small Business Server allows 74 simultaneous
    > > connections and any full Server version of Windows allows unlimited
    > > connections.
    > > --
    > > Cari (MS-MVP)
    > > Windows Technologies - Printing & Imaging
    > > http://www.coribright.com/windows
    > >
    > > "lostword" <> wrote in message
    > > news:...
    > >> As with yet another version of TCPIP.SYS that got released from
    > >> Microsoft, my
    > >> max open connection are limited again, and the well known patch wont work
    > >> on
    > >> it.
    > >>
    > >> I know that this method is to keep novice users from unknowingly spread
    > >> worms, but why people who know what they are doing should be limited
    > >> without
    > >> the option to change the settings?
    > >>
    > >> Is there any way to increase my max connections?
    > >>
    > >> Thanks.

    > >

    >
    >
     
    =?Utf-8?B?Q2FybG9z?=, Mar 17, 2007
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. gooofoofs

    PIX checking MAX connections

    gooofoofs, Apr 14, 2005, in forum: Cisco
    Replies:
    1
    Views:
    1,776
    Brian V
    Apr 14, 2005
  2. bhaskar

    Max Apperture and Max. Shutter Speed Confusion-HELP

    bhaskar, Jul 15, 2003, in forum: Digital Photography
    Replies:
    12
    Views:
    2,723
    Dragan Cvetkovic
    Jul 22, 2003
  3. =?Utf-8?B?SmFja04=?=

    MDAC 2.8 SP2 for W2K3 R2 x64 SP2

    =?Utf-8?B?SmFja04=?=, Jun 4, 2007, in forum: Windows 64bit
    Replies:
    2
    Views:
    4,112
    Steve Foster [SBS MVP]
    Jun 7, 2007
  4. =?Utf-8?B?QmrDuHJu?=

    Adminpak SP2 , Windows Server x64 SP2

    =?Utf-8?B?QmrDuHJu?=, Aug 29, 2007, in forum: Windows 64bit
    Replies:
    2
    Views:
    3,833
    =?Utf-8?B?QmrDuHJu?=
    Sep 3, 2007
  5. Gordy

    ADSL Max/Max

    Gordy, Nov 24, 2006, in forum: NZ Computing
    Replies:
    6
    Views:
    688
    David Empson
    Nov 24, 2006
Loading...

Share This Page