Opening eventvwr and looking at the system tab i get some warnings with this message "TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts, EventID 4226". Is there a way to solve this? Another strange thing is that sometimes when i type a url i get the "page cannot be displayed" message. When i retype the url everything is ok. Also my connection freezes when i try to open 3 or 4 web pages simultaneously (none of the pages is diplayed. The blue progress bar of the internet explorer stops after a few seconds or the page appears aftes about 1 minute)
Problem propably related to Windows XP SP2
- Thread starter infini
- Start date
After checking again the event viewer i saw this error at the system tab "Source: Service Control Manager, Event: 7023, Description: The Computer Browser service terminated with the following error: This operation returned because the timeout period expired."
spherrod
Diamond Member
Are you using p2p software? SP2 limits the number of concurrent open TCP connections (I think that's right - someone else correct me if not) There's a workaround here
http://www.lvllord.de/?lang=en&url=tools
http://www.lvllord.de/?lang=en&url=tools
I found some help in this site but it doesn't provide any links for the hotfix:
http://support.microsoft.com/?kbid=889320&SD=tech
I am using Zonealarm Pro
http://support.microsoft.com/?kbid=889320&SD=tech
I am using Zonealarm Pro
spherrod
Diamond Member
before you do anything else do some serious scans to ensure your pc isnt infected with spyware/worms/viruses/etc.; even P2P traffic *shouldnt* be filling up the half-open connection queue
I do not reccomend performing the actions described in this site. If you're hitting the half-open connection limit odds are something is wrong.
I agree with spyordie007. Chances are you are infected with some kind of virus and it's attempting to make 100s of connections a second to infect other machines. This change was made to TCP/IP in SP2 to help slow these types of things from happening.
spherrod
Diamond Member
I've known heavy p2p users who think they are hitting the limit...
If you (or those p2p users) knew the way TCP connections were established they wouldnt be worrying about it.
spherrod
Diamond Member
I'm intrigued now
I've seen a couple of systems full of the 4226 error in Event Manager after installing SP2. Done the obvious and scanned for spyware/viruses using a combination of Spybot, Microsoft Anti-Spyware and Kaspersky (in safe mode as well) but nothing found. Changing the limit in the registry removed the errors - were these people just using p2p excessively - i.e. queuing loads of things in p2p software?Seeing this in the event log doesnt neccisarily mean there is a problem.
Trying to not confuse things further I'll elaborate, but if you're not already familier with how TCP connections you'll probably have to do some reading.
Under XP SP2 there is a 10 half-open connection queue; this queue does not restrict the total connections you have but rather just the connections that are not fully established. Lets say you are running a P2P application and you have an average response time of 100ms to each host your machine connects to. Using this example you would be able to establish a connection with 100 remote hosts per second (not that it matters because even on a very fast pipe you would probably saturate your bandwidth with less than 100 connections). It's possible that when you first launch your application it requests more than 10 connections which would fill the 10 half-open connection queue and would give you an error in your event log; however that queue would flush quickly as the connections became established. About the only legitimate traffic the queue would slow down at this rate would be when the application initially attempts to establish a lot of connections at once; and the amount that it would be slowed down would be very minimal (a couple-hundred miliseconds at most).
So if you can still connect to a lot of hosts with this queue why is it a good thing?
The way most worms work is they attempt to connect to random addresses. Since the majority of the randomly generated addresses are going to be either empty or firewalled the worm would have to first wait for the connection to time-out before it can attempt to connect to another address. This process doesnt stop the spread of worms; what it effectivly does is slow the rate at which a machine can attempt to connect to non-existant hosts.
spherrod
Diamond Member
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes Discussion Threads
- Started by Tigerick
- Replies: 21K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter