This limit comes mainly from system event 4226:

Description: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Microsoft's explanation of it is:
Limited number of simultaneous incomplete outbound TCP connection attempts
Detailed description
The TCP/IP stack now limits the number of simultaneous incomplete outbound TCP connection attempts. After the limit has been reached, subsequent connection attempts are put in a queue and will be resolved at a fixed rate. Under normal operation, when applications are connecting to available hosts at valid IP addresses, no connection rate-limiting will occur. When it does occur, a new event, with ID 4226, appears in the system’s event log.
Why is this change important? What threats does it help mitigate?
This change helps to limit the speed at which malicious programs, such as viruses and worms, spread to uninfected computers. Malicious programs often attempt to reach uninfected computers by opening simultaneous connections to random IP addresses. Most of these random addresses result in a failed connection, so a burst of such activity on a computer is a signal that it may have been infected by a malicious program.
What works differently?
This change may cause certain security tools, such as port scanners, to run more slowly.
How do I resolve these issues?
Stop the application that is responsible for the failing connection attempts.
Spooky Jan, who agrees with the official explanation, gives this detailed account:
Yes, some of these utilities say they do but they really don't, simply because they can't really. What they try to do is disable the autotune which in the beginning people claimed caused the 4226. This was based upon something that occurred during the beta when autotune wasn't working correctly (it was a beta after all). In the RTM these utilities do not increase the number of TCP/IP connections. Besides, the way this works is there is no need to increase this, as the limit of 10 in reality only affects connections that do not respond or time out during the TCP/IP handshaking process - if all the connections connect and are successful in the TCP/IP handshaking and do not time out, this limit of 10 has no effect - in other words, if all the connects are good and act like they are supposed to, there is no limit. In practical reality the 4226 error is not really an error; it's something that tells you some of the connections did not successfully negotiate the TCP/IP handshaking process or timed out.
Even in WinXP when the so-called 'fix' for TCPIP.sys was put out with the hacked file, it did not actually remove the limit; the hacked file just changed the limit to a higher number - by doing this the 4226 was not reported until the higher number was reached, so people had connections that did not do the TCP/IP handshaking successfully or timed out and they didn't even know it until much later when the higher limit was reached. The people who hacked the file and distributed it advertised it as "more TCP/IP connections" when in reality it did not do anything at all for the number of connections, and TCP/IP was still functioning exactly the same as it was before being hacked. It did nothing for the number of connections because there was nothing to do, because there was no limit to begin with. The people who hacked the file did so in the mistaken belief that they were changing some limit; they simply did not understand how TCP/IP operates. The same is true for Vista; it's how TCP/IP operates.
The 4226 event has been widely touted as placing a limit on the number of connections you can make. In reality it's only telling you that some of the connections did not do the TCP/IP handshaking properly or timed out during the connection attempt. That's all it's telling you. It is not telling you there is a limit on the number of connections you can make, and it is not placing a limit on the number of connections. The connections that it reports are connections you could not use anyway because they did not actually connect due to either conditions on the net, the path, or the client on the other end. There is no limit to change; there is no limit on the number of connections you can make. What you're seeing is the exact same activity for every TCP/IP stack in the world on every OS in the world; MS is just reporting it to you, that's all. What you're seeing is simply how TCP/IP sees the connection and how TCP/IP operates; it's what is happening on the net, not on your computer. Changing any file will not change the effect you're seeing, because what you're seeing has already occurred outside of your computer, not on your computer, and on the net, and these are conditions you cannot control. So it is not true that a utility can increase the number of connections you can make; there is no file you can hack or change to increase the number of connections, and it will not be true, ever, for TCP/IP, simply because there is no limit on the number of connections you can make and the event 4226 is in reality only reporting bad connections you could not use anyway because they never really connected.
A detailed discussion of this on Windows Vista: Windows Vista _ Event id 4226
A patch download for Vista along the lines of the XP SP2 workaround: Vista TCP/IP Limit AutoPatch
[ This post was last edited by xiaoshancom on 2007-9-4 17:48 ]
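Microsoft's own remediation advice above is to stop the application responsible for the failing connection attempts, and Spooky Jan's point is that event 4226 only reports attempts stuck in the handshake. The PowerShell script below is an added example, not part of the original post or of any of the linked patches: it counts event 4226 entries in the System log per hour (a burst pattern is the worm-like signal the Microsoft text describes) and then lists which processes currently hold outbound attempts in the SYN_SENT state, using the standard `netstat -ano` column layout (Proto, Local Address, Foreign Address, State, PID). It assumes Windows Vista or later with PowerShell; the `Get-WinEvent` filter returns nothing rather than an error when no 4226 events exist.

```powershell
# Added example (not from the original post). Part 1: how often event 4226
# fires, bucketed by hour, so a sudden burst stands out from occasional noise.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 4226 } `
    -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Host 'No event 4226 entries found in the System log.'
} else {
    $events |
        Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd HH:00') } |
        Sort-Object Name |
        Select-Object @{ n = 'Hour'; e = { $_.Name } }, Count |
        Format-Table -AutoSize
}

# Part 2: which local processes currently have connection attempts that have
# not completed the TCP handshake. Only SYN_SENT entries count toward the
# "incomplete outbound attempts" limit the event describes; established
# connections never do. Column positions assume the netstat -ano layout.
$halfOpen = netstat -ano |
    Where-Object { $_ -match 'SYN_SENT' } |
    ForEach-Object {
        $fields = ($_ -replace '^\s+', '') -split '\s+'
        [pscustomobject]@{
            Remote = $fields[2]        # Foreign Address (ip:port)
            PID    = [int]$fields[4]   # owning process id
        }
    }

if (-not $halfOpen) {
    Write-Host 'No outbound connection attempts in SYN_SENT right now.'
} else {
    $halfOpen |
        Group-Object PID |
        ForEach-Object {
            # Map the PID back to a process name; it may have exited already.
            $proc = Get-Process -Id $_.Name -ErrorAction SilentlyContinue
            [pscustomobject]@{
                PID      = $_.Name
                Process  = if ($proc) { $proc.ProcessName } else { '<exited>' }
                HalfOpen = $_.Count
                Remotes  = ($_.Group.Remote | Select-Object -First 5) -join ', '
            }
        } |
        Sort-Object HalfOpen -Descending |
        Format-Table -AutoSize
}
```

A process that tops the second table with many SYN_SENT entries to many different remote addresses is the one the "Stop the application" advice is aimed at; a P2P client with a handful of stalled peers is the benign case Spooky Jan describes, where the event is reporting failed handshakes rather than any cap on usable connections.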