Windows XP-SP2 onwards all versions of windows seem to have a limit on the number of half-open outbound connections (SYN) an application can have. The limit currently is 10. This was done to slow down viruses that try to connect to a number of random IP addresses.
The limit affects a lot of networking applications as well, which include vpn, p2p applications and many more. To check whether your activities are being affected by the patch navigate to Control Panel > Administrative Tools > Event Viewer > System. If there are several occurences of event id 4226 then either its a virus or your applications are affected by it.
If you are not using any application that is supposed to open a lot of connections then its likely to be a virus and the patch is working for you. However weakening of protocol stack is no cure, use a good antivirus software to prevent your system from viruses.
If you use an application that might open several connections then most likely the patch is slowing you down.. To check that go to command prompt and type the command "netstat -o" without the quotes, you'll see multiple SYN_SEND entries note down the process id. Use this Id and find out which application is having these half-open connections through task manager.
This limit is enforced through the file tcpip.sys which is a binary file, so its hard to modify it manually. Thankfully there is a workaround for this, an unofficial patch called EventID 4226 Patcher is available and can be used for Windows XP. Download this patch and it will modify the limit to 50. For Windows Vista download the Vista TCP Patch and use the command "VistaTcpPatch /n 50
" to set the limit to 50.
Microsoft updates might restore the limit back to 10, so make sure that after every windows update you run this patch.
Sunday, December 23, 2007
Event Id 4226
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment