Windows XP SP2 Kills Internet Connections!

Posted on Saturday, October 02, 2004 @ 19:52:09 CEST in Microsoft
by Raven

Have you noticed that inexplicably, after applying XP SP2 that certain web pages seem to load slower? Are you experiencing slower/different ftp connection issues? Dropped ftp connections? If you have any of these symptoms and/or other 'out of the blue' issues with performance where multiple TCP connections are needed, you MUST read on! Billy Gates strikes again, apparently continuing to believe that MS knows better than you what your system needs are :GRRRRR:!I have been chasing, for about 2 months, a very irritating and elusive issue. About 2 months ago (approx) I started having issues displaying all Internet sites that had many images on them, even if the images were small (as it turns out this was a symptom and not a cause). I then would have mysterious 'hangs'. I had ftp connection problems, etc. Trust me when I say that I become obsessed when my PC does not respond correctly :obsessive:. Anyway, I have gone through 10's of hours of debugging this and that, checked monitors, ad nauseum. I finally ran out of options and remembered that MS, in their infinite wisdom, is installing SP2 and other fixes at their will and started wondering if maybe some connection 'feature' may have been messed with. BINGO! For whatever the reason, MS ()%$$%#$%@!! changed a max connections setting. I quote:

Windows XP SP2 limits the number of possible TCP connection attempts per second to 10 from an unlimited number in SP1. This can affect performance on server and P2P programs that need to open many outbound connections at the same time. Notes - With the new implementation, if a P2P or some other network program attempts to connect to 100 sites at once, it would only be able to connect to 10 per second, so it would take it 10 seconds to reach all 100. In addition, even though the setting was registry editable in SP1, it is now only possible to edit by changing it directly in the system file tcpip.sys. Keep in mind this is a cap only on incomplete outbound connect attempts per second, not total connections. Servers and P2P programs can definitely be affected by this new limitation. Use the fix as you see fit.

For more on this and to d/l the fix, get SP2 TCP Slowdown Fix

Please note that I am not responsible for issues arising on your machine if you apply this fix. It installed on my PC w/o any problems at all and resolved all my problems. As with all fixes that you d/l from the Internet, virus scan and use caution.
 
 
click Related        click Share
 
 
Associated Topics

Internet
 
 

Re: Windows XP SP2 Kills Internet Connections! (Score: 1)
by chatserv on Saturday, October 02, 2004 @ 21:36:49 CEST

(User Info | Send a Message) http://www.scriptheaven.net

Hence why i haven't applied SP2 nor do i plan to.

 
 

Re: Windows XP SP2 Kills Internet Connections! (Score: 1)
by Mesum on Saturday, October 02, 2004 @ 23:08:44 CEST

(User Info | Send a Message) http://www.desitribe.com

Am I the only one who thinks SP2 comes with nothing I need? Popup killer? Google bar. Firewall? ZoneAlarm what else?

 
 

Re: Windows XP SP2 Kills Internet Connections! (Score: 1)
by Raven on Saturday, October 02, 2004 @ 23:18:18 CEST

(User Info | Send a Message)

The thing is, you can rest assured that MS will be basing future fixes on SP2. I have been anti-MS for a VERY long time but it is a requirement for work or I would be a pure Linux desktop. I do have to say that I have had only one other issue and that's the download archive extension issue. So, finding and fixing this one leaves only that one other.

 
 

Re: Windows XP SP2 Kills Internet Connections! (Score: 1)
by Rage on Sunday, October 03, 2004 @ 04:58:00 CEST
  
(User Info | Send a Message)

What is the point of this limitation? Security? Or are they just tryint to kill the latest p2p programs?

Re: Windows XP SP2 Kills Internet Connections! (Score: 1)
by 64bitguy
on Tuesday, October 05, 2004 @ 14:10:42 CEST
(User Info | Send a Message) http://1cms.org

The real point of this particular issue in the SP2 upgrade was to limit a Trojan's ability to propogate itself using the unrestricted (God level if you will) RAW IP Sockets.

The issues raised in this post and in the "fixes" provided are not really addressing the issue that this particular part of the SP2 upgrade are related to. If fact, they are so off-topic, it's frustrating to read.

TCP port openings are different from addressing the RAW sockets in that one has NOTHING to do with the other. Raw sockets actually would be bypassing the TCP/UDP socket layer. So yes, they are different.

RAW IP sockets have always been nothing short of a serious vulnerability, and Microsoft has always known about it. Saying MS sucks may be accurate, but it would be more accurate to say that Microsoft's Winsock stack development and communications models seriously suck.

The real problem here isn't just Raw sockets, it's how certain applications have been designed to use them. Raw was NEVER intended to be used by the masses, it was developed by berkeley for diagnostics and monitoring of the communications stack.

What some APPLICATIONS try to do is convert your client into a server using administrative reserved communications priveleges, which may or may not be wrong depending on what you are doing.

Yes, file sharing software may be impacted, but was your OS designed for you to share music with 1000 other users over the net using non-verified TCP bypassed connections? No.. is the short answer. And No is also the right answer!

Keep in mind while you may love some of these applications, they by design are converting your PC from what it was designed to be and do, into something that it wasn't. What's more, they are giving permissions where none should exist and opening your PC (and internal communications networks) to SERIOUS vulnerabilities.

If you find that you are being impacted by this issue, you should really be running server software in the first place... I would recommend Linux because of the obvious advantages in managing the entire communications stack.

The ISO definition of a raw socket is: A socket that provides privileged users access to internal network protocols and interfaces. These socket types can be used to take advantage of protocol features not available through more normal interfaces or to communicate with hardware interfaces.

Again, Raw sockets were never intended for P-2-P file sharing software or other 'net based applications. They EXPLOIT the type, rather than utilize it. The better solution would be to use streaming sockets for better performance and more reliable connectivity.

If you tried to implement these programs under Linux, you would get a security violation error and they simply would not work if they attempted to use Raw sockets without formally assigned permissions by the administrator. Again, Microsoft limiting raw socket utilization is a good thing, not a bad one.

If you want to read more about this, Steve Gibson is a pretty outspoken supporter of eliminating Microsoft's utilization of the Raw Socket alltogether, do a google search by "Steve Gibson Raw".

As a communications design specialist, I've always known about Microsoft problems managing permissions in thier communications stack models. The XP SP2 update goes a long way in addressing SOME of the problems. Some of the fixes are patchwork at best, but they are designed to at least give administrators the ability to identify the problems (no, not fixing them).

The REAL problems are with users making assumptions about the way things work, versus how they are supposed to work. In the case of Raw Stacks, users were never supposed to have them at all. Microsoft could learn a lot from Linux (Unix) in this regard, but I guess that could be said about every other Linux feature as well.

My problem with this artic
Read the rest of this comment...

Re: Windows XP SP2 Kills Internet Connections! (Score: 1)
by Raven
on Tuesday, October 05, 2004 @ 14:20:52 CEST
(User Info | Send a Message)

You are not understanding my point of the article. I simply was trying to use a browser and an ftp client on my machine. All was well until SP2. Then, I could no longer use multiple clients to communicate with my own hosting server or anyone else's because of their changes. Once again, MS doesn't fix the problem, they simply mask it. And, not only did they change it, they made it non-modifiable by the user/admin. I do not need more worthless MS programs/servers on my client PC. Regardless, as I replied to your similar comments at cpgnuke, I repeat here.

"On the contrary, ftp clients and other P2P communications use various lowlevel and TCP socket communications. This change by MS hinders these and in my particular case nearly brought me to a stand-still as it has countless others. Instead of trying to discredit this post and fix, either use it or don't. I don't really care. As I said before, if it wasn't an issue, there wouldn't be a fix. If you're not affected, then great. Many are and this is the only recourse available. BTW, PHP has built in support for RAW SOCKET communications so it is a part of the core PHP support for serious developers. This not only a common way to write communication applications but is the fastest way also."

Re: Windows XP SP2 Kills Internet Connections! (Score: 1)
by Raven
on Tuesday, October 05, 2004 @ 14:32:13 CEST
(User Info | Send a Message)

I also have to challenge this statement by you "If you tried to implement these programs under Linux, you would get a security violation error and they simply would not work if they attempted to use Raw sockets without formally assigned permissions by the administrator. Again, Microsoft limiting raw socket utilization is a good thing, not a bad one."

There is no formal assignment by an administrator to use Raw Sockets in PHP/Linux, to my knowledge. Many chat programs use them and I have even used them as I have experimented with writing client/server applications on Linux. I have never had to do anything but call them.

Re: Windows XP SP2 Kills Internet Connections! (Score: 1)
by 64bitguy
on Tuesday, October 05, 2004 @ 14:45:29 CEST
(User Info | Send a Message) http://1cms.org

Were you administrator? If not, you'd need to have root or psuedo permissions.

Re: Windows XP SP2 Kills Internet Connections! (Score: 1)
by Raven
on Tuesday, October 05, 2004 @ 14:49:11 CEST
(User Info | Send a Message)

Right now, any of my RWH accounts could upload a chat program that uses Raw Sockets to their sites and use them. If that's what you mean by administrator, then yes. But, that's not what you implied. And if that is what you mean, then it means nothing as you should always be aware of what applications you place on your server. What MS did was to mask their problem, not fix it, by limiting my use of all socket applications - period.

Re: Windows XP SP2 Kills Internet Connections! (Score: 1)
by 64bitguy
on Tuesday, October 05, 2004 @ 15:26:07 CEST
(User Info | Send a Message) http://1cms.org

You could use a PHP program that has raw socket operations between the user domain and the server kernel that is inherant. This would be a normal, root assigned privelege that is built into the Linux kernel.

On the other hand, an ssi that used raw sockets for client-to-server-to-client communications would be unusual as the all users communications are already encapsulated in a port 80 TCP session. Just the call to the client would require an authentication stream which would automatically trigger either a TCP or UDP session (depending on the application).

When I say root or psuedo I mean root or psuedo. I mean, the administrator has to grant those permissions in the build. They are not by default inherited.

If you are using port mirroring then any firewall rules you enable to restrict access via iptables or ipchains or other firewall programs won't affect traffic flowing THROUGH the server. However, if you are using arpspoofing, then firewall rules will affect the server because the server is acting as a router. With port mirroring the DATA is flowing via the raw sockets. Raw sockets then become "virtual interfaces" on a linus/unix system. They aren't part of the TCP/IP stack so traffic freely flows through them. That is a granted permission by the construction of Port Mirroring, it is not a default permission.

Now on the other hand, what we are talking about in this particular post are SERVERS, not clients! You can't keep confusing the two as what they are, and what they do are DIFFERENT. In the Linux Client world, you wouldn't have Raw socket permissions unless you had root permissions granted by the administrator or had been granted explicit use. Again, what I said is what I meant.

Re: Windows XP SP2 Kills Internet Connections! (Score: 1)
by chatserv
on Tuesday, October 05, 2004 @ 15:28:58 CEST
(User Info | Send a Message) http://www.scriptheaven.net

In my line of usage i use sockets and multiple connections, you need these for irc chat, if i run what in irc terms is known as a bot from my pc (and i often do) chances are users will connect to the bot for multiple reasons, they do so through sockets, if i were to run said bot, my usual chat client while connected to several servers through ftp as is often the case with me and a shell to work on remotely hosted bots i would be more than limited by SP2, i would be practically shutdown.

My view on this, fix it, mask it, do what you can but leave the end user with the option to decide what he/she will allow or not, on irc the level of hostility goes well beyond madness, the few of us that have remained on it more than a few years ususally know what to expect and what basic precautions should be taken, there are those that don't, hence why switchable security levels should be available, attach a recommended tag to what they feel is the safest setting for the ones not willing to take chances but don't force the same blocked items on everyone.

Re: Windows XP SP2 Kills Internet Connections! (Score: 1)
by 64bitguy
on Tuesday, October 05, 2004 @ 16:20:23 CEST
(User Info | Send a Message) http://1cms.org

True, in that particular scenario of usage, it would be nice to have the abilty to define socket type permissions at the application layer as well as to define the number of available ports for each type at the socket AND routing layers... but you've got to admit that your particular usage is anything but "normal" to the typical Windows XP user. What you could do though is use a moo or something similar that instead of using multiple ping sessions in IRC, would use a single raw session from the client to gopher box with multiple sessions to keep the sessions alive. This would take the work off the client, close the raw sockets (except one) and keep the sessions alive.

I mean keep in mind, SP2 was intended for the masses. I'm not arguing that Microsoft could at least use a GUI interface for ISO layer socket permissions, but don't hold your breath.

Again, I can only emphasize that people that are trying to run their PC's as a server, should reconsider exactly what they are using the PC for (and Operating System).

XP is anything but multi-server session friendly (in a countless number of ways)... Again, Microsoft seems content to go it alone with proprietary protocol and ISO layer management techniques. From a network communications analysis point of view, I can tell your from first hand experience that the way they manage communications ...... (I'm trying to think non-foul language here)..... Isn't pretty.

Microsoft has yet to achieve pure TCP/IP, which IMHO is the biggest weakness in the Operating System-to-wherever communications. This whole proprietary .Net thing has just made matters worse. SP2 comes not from an objective to make communications more compliant, but to prevent the existing weakness from being left totally wide-open to existing exploits commonly used by hackers and malicous trojans/viruses. I mean they HAD to do something, this is the best they could come up with for the masses.

What concerns me is how this particular issue about Raw sockets at the client level has been twisted around to look like a TCP/UDP available ports issue, which it is not. They are both issues of SP2, but they are totally DIFFERENT issues.

Securing raw sockets MUST be a priority for the client side as this is where the hackers are concentrating exploits to bypass normal TCP/UDP communications and thus its' security...

If Microsoft didn't act to start locking down raw sockets (at least at the client level), they would certainly run into more serious problems later.

Keep in mind, they haven't disabled it, just sized it down from wide-open, to an assigned number. If you think that number is too small, you of course can still change it... but better yet, if you need more, you should consider a server operating system.

As for TCP/UDP port restrictions, again, these can be fixed. If you need that P-2-P file sharing software running to 100 PC's, then you can simply change the registry setting to free up some more ports. This isn't life ending stuff here, you just need to get your hands dirty a little to fix it.

None of this IMO is justification NOT to get SP2... There are literally hundreds of other (okay.. laugh here) fixes in there. The rule still applies though, "For every fix released by Microsoft, expect two new bugs as a result"



Re: Windows XP SP2 Kills Internet Connections! (Score: 1)
by Raven
on Tuesday, October 05, 2004 @ 16:29:49 CEST
(User Info | Send a Message)

And I hope that this is the last time I need to say this: I am not now, nor was I, nor am I using my PC as a a server. I am the client and this was affecting my ability to have multiple connections opened over the IP connection FROM ANY SERVER ON THE INTERNET! I know what I am talking about and what I am referring to. This is not a server issue - it's a client issue. It's an issue with SP2 and I don't care what the technical arguments are, it's a problem and this fix fixes it.

 
 

Re: Windows XP SP2 Kills Internet Connections! (Score: 1)
by porcupinepc on Sunday, October 03, 2004 @ 08:52:10 CEST

(User Info | Send a Message) http://www.porcupinepc.com

I am running a interesting program called XPLite. A cool program that allows you to uninstall Internet Explorer/Outlook Express and several other components (http://www.litepc.com/index.html) I am using Mozilla's Firefox 1.0PR browser and Thjunderbird v0.8 for email. Nice setup. No popups or spyware. Plus i find it much faster.

Joe

Re: Windows XP SP2 Kills Internet Connections! (Score: 1)
by Raven
on Sunday, October 03, 2004 @ 09:33:04 CEST
(User Info | Send a Message)

I'm not sure that just uninstalling IE fixes it. The reason is that the change is actually made to the TCPIP stack and therefore affects EVERY application that uses TCPIP, if I understand the expanation correctly. SP2 sets the number from unlimited to 4!!! But, if you are not experiencing any problems then that great!

 
 

Re: Windows XP SP2 Kills Internet Connections! (Score: 1)
by chatserv on Sunday, October 03, 2004 @ 10:18:04 CEST

(User Info | Send a Message) http://www.scriptheaven.net

Nice link by the way, i applied most of the tweaks and they sure made a difference, amazing how much useless crap one has taking up space and eating away at resources.

Re: Windows XP SP2 Kills Internet Connections! (Score: 1)
by Raven
on Sunday, October 03, 2004 @ 11:46:00 CEST
(User Info | Send a Message)

For sure! Did you go to BlackViper's site and tweak your Services'?

Re: Windows XP SP2 Kills Internet Connections! (Score: 1)
by chatserv
on Sunday, October 03, 2004 @ 11:49:16 CEST
(User Info | Send a Message) http://www.scriptheaven.net

Not yet but sure will.

Re: Windows XP SP2 Kills Internet Connections! (Score: 1)
by chatserv
on Sunday, October 03, 2004 @ 12:42:08 CEST
(User Info | Send a Message) http://www.scriptheaven.net

Done and everything looks to be working fine, all i need now is to find out how to remove services from that list that are no longer present in the pc and recall how was it that one could remove items from the control panel that did not get removed when the program they were meant for were uninstalled.

 
News ©

Site Info

Last SeenLast Seen
  • FireATST
  • neralex
Server TrafficServer Traffic
  • Total: 384,058,578
  • Today: 13,178
Server InfoServer Info
  • Jun 18, 2019
  • 03:52 am CEST