Hello P2P Supporter,

If you installed Windows XP SP2, then Microsoft has severly limited the rate at which connections can be made on your computer. Where you used to be able to establish hundreds of connections in a short period of time, you may now only establish connection to 10 peers. Any more than 10 connections in often 10+ seconds (this depends on the latency of the connecting party) will cause new connections to become throttled and eventually denied all together.

This has serious damaging effects to eMule, the eDonkey Network, P2P as a whole. It means a slower network and eventually fewer search results. It means connections fail more frequently and losing your spot in someone's queue. It also provides a means for disruptive users or music industry thugs to sabotage P2P networks by preventing connection opportunity through SYN attacks.

This also effects your web browser and other internet applications. If you ever notice slow browsing, broken images, or ignored page requests while you have eMule running... now you know why!

And even searching for new multiplayer game servers will be severly hindered.

You can tell if this new "speed limit" is effecting you by viewing your System Event messages (Right-Click "My Computer > Manage > System Tools > Event Viewer > System"). You will see yellow-triangle Warning events with "Tcpip" as the Source. Double-Clicking on one of these events will display the following message.

" TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. "

Micro$oft implimented this feature to slow down the effect of email worms and exploits. They figure people don't need to be making so many connections in such a short timeframe, even though P2P demands it. Yet another tactic to try and curb file trading.

There is a fix however. It requires editing your tcpip.sys file, which is located in your c:\windows\system32\drivers\ folder. There may be other tcpip.sys files on your system, but this appears to be the important one. This file is a binary file, and requires a hex editor to make changes.

Before making any changes to your system, always backup what you're about to hack.

The following instructions are for the Final Release of XP SP2 (build 2180). Other builds may or may not have the same tcpip.sys file. The file should be exactly 359,040 bytes and have a Last Modified time of 8/3/2004 11:14 PM. Its CRC-32 is 8042A9FB and MD5 is 9F4B36614A0FC234525BA224957DE55C.

This fix will remove all tcpip socket creation limitations in Microsoft Windows XP SP2.

In your hex editor...

First Goto offset 130 (hex) or 304 (decimal)...
Replace these 4 bytes of hex data: 6E 12 06 00
With these 4 bytes of hex data: 62 13 06 00

Then Goto offset 4F322 (hex) or 324386 (decimal)... *from beginning of file*
Replace these 4 bytes of hex data: 0A 00 00 00
With these 4 bytes of hex data: FE FF FF 00

If any of the data that you're replacing does not match exactly, double check what you are doing, or abort completely.

Once you are confident you applied the correct changes, save the file. You should not experience any write protect issues while saving. If you do, log on as administrator.

Reboot.

YOU ARE NOW FREE FROM MICROSOFT RULE AND OPPRESSION!
well, just a little bit anyway. enjoy!

[source: http://www.lvllord.de/]

Sounds great... if it works.

I'll let someone else try it first.

Until there is a simple tool that makes the correction, this won't be adopted by the masses. Most ppl do not have even hex-editors available..

You can find an automated fix here :
http://www.lvllord.de/4226fix/4226fix.htm

That's great, I've found another link also: http://www.neowin.net/forum/index.php?act=...st&id=584323903

This patch DOES get rid of the 4226 events from the Event Log, however, it does not totally cure the problems when running eMule with SP2.

I am still experiencing dropped PING packets when running both eMule and IE simultaneously. This is resulting in Messenger disconnecting. I think that there is something else in play here, but I'm not quite sure what.

I did note that SP2 seems to play with some of the TCP settings, which I have reset with TcpOptimizer program (www.speedguide.net)....

....but my problem remains

Works like a charm, thx a million

/Ichon

[Edit: To below comment]
Well maybe I don't get it, but atleast everything works like the good old days, now. So good hunting NoFace ...
[/edit]

You really don't get it, do you?

This limit does not influence eMule's performance AT ALL. What does happen is that eMule takes maybe one or two minutes longer to make all the connections, that's all.

from Microsoft website :
http://www.microsoft.com/technet/prodtechn...ion127121120120

Just hope all these infested people will upgrade to SP2 so we can get rid of those constant DDOS like attacks that bring our broadband routers on their knees.

Fully automated version :

https://a833.c1s1.net/seos/833/mpd/x1000f0^...PSP2Patch%2EEXE

Able to uninstall.

I've got Winxp Professional with service pack 1. Should I even bother installing service pack 2? I'm a regular user of torrents and emule, so I'm not sure wether to install it or skip it. Any suggestions? Any benefits from installing it?

The main feature with SP2 is that it greatly reduces the chance you get infected with virus/worms. Also, provides a quite neat pop-up blocker in Internet Explorer.

If you don't have an external firewall (e.g broadband router), I suggest that SP2 is installed and the Windows Firewall (only way to get boot time protection in Windows) is activated.

I use both WF and Kerio FW, plus that I have a broadband router. You can never be safe enough!

MS makes an update to improve security and people start patching their systems to undo it... just to reduce their p2p startup time...

I`ve now installed SP2 without patching and my emule don`t seem to be running any different. But given the higher level of protection even if startup had been affected I prolly wouldn`t have installed the patch anyway.

@wdekler
Most probably the same ppl who are normally complaining about all the security holes in Windows.

I think I'm going to wait and see with this new service pack. I've been running XP for about a year now, with no firewall or antivirus software, and I've had no problems at all so far. I think I'll keep things as they are since everything's working perfectly as is. With my luck I'd install it and my pc would stop working...lol.

May I ask a dumb question?

How does someone know for sure that he has no viruses, when he don't use an anti-virus program (or a firewall for detecting outgoing connections from worms/trojans)?

Does viruses nowadays are only so bad that you either know for sure "Now I'm infected with something" or they tell you "Hi! I've infected you. "?

All I know for sure is that my pc is working perfectly, my download speeds are terrific, and spybot hasn't found any spyware/malware on my pc in about 8 months.

I go by the saying "If it isn't broke, don't fix it." Everything's working as it should so I'm not going to mess with it by installing sp2 at this moment. I'll wait and see what other problems arise from sp2 before I tamper with my setup. So far there's been no word of any real benefits for me to install it, just the downer of having to go install an unofficial patch so my downlads won't be affected. That right there tells me to not bother downloading sp2.

Allthough you could have a virus gathering info like credit card info. Some viruses like blaster slap you round the face and say i'm here, there there to annoy you but others are more subtle. Hey does any one remember the las vagas virus which made you play roulette for every ten megs of your hdd, it was quite funny when you stopped crying.

Modern virusses are very easy to detect / prevent for users. You don't need a virusscanner if you know what you are doing:

Modern virusses don't infect .exe files. DOS virusses have no effect in windows. Most of them aren't really virusses, because they don't infect files, they just install themselves and try to spread over the network.

Virusses always show up in the task list and you know you have one if strange tasks are in the processes list. The same is true for the programs starting up.

Usually when you download a program you don't trust, if it doesn't do what you expect it to do, then it's a virus. You really should have an on demand scanner for these kind of virusses

@cymen
You're right about that!

Well, I usually don't want to find a virus by finding out that strange apps are running on my machine. I want to catch them before causing any damage.

NAT routers are good! Probably everyone should have one nowadays. It's one of the best protections against active intrusion attempts (e.g Internet worms). This is preferably also combined with a personal firewall (software firewall) on your PC.

If you go to microsoft.com and check the fix for "error socket # 10055 ",you'll get
instructions how to change the registry,wicth will allow you connections 65535 +.
I've done this before SP2 installation and works fine.Now with SP2 installed I don't
see any difference or problems.

Same happened to me too
But I installed a Firewall and Antivirus to clean the system instead of reinstalling, (I installed some other programs before the blaster appeared)

I applied the patch and i still get this in Event Logs!?

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Why is so?

Read guillaumeemule`s post on the first page of this thread, there`s also another thread with more detailed posts and links too.

After installing SP2 I have not installed the patch, my queue is 6000 at the moment with a lot of traffic coming in and out, I also have Azureus running with many connections, I still only have about 20 4226 events in the log, but the important thing is both apps run fine and are unaffected. It really isn`t anything to be worried about, just a bit of extra security.

Ok, just thought those log entries mean that patch didn't worked. Anyway,eMule does work the same as before heh. Thx

Here is a treasure of information. Unfortunately I don't have enough computerknowledge to understand it, let alone use it to make a decission.

Could anyone tell me: Can I just try it out? Is it possible to deinstall SP2? How?

Thanking you in advance,
R

i think its an good idea any way as it will slow down DDos and slow down users who set it to very high setting in p2p programs any other programs as well

i my self have installed sp2 and its works ok (my firend has been useing it for 2 months and he says its ok but he has an simmler mobo i have so probly does not count)

i tryed it at work and it allso seemed to work

soem peeps will have probs some will not

one thing for sure is we are going to have more Low ID clients if thay do not open there 2 ports for emule (not useing unblock button in emule )

we need to fillter out bad servers that are fakeing an open port (high ID) when thay are realy firewalled

Just wanted to add one thing! As SP2 limits the number of half open connections, one may note a slight increase in the amount of time it takes to collect all sources of a recently added file. In order to reduce this one could try to simply increase the number of connections per 5 seconds setting in eMule, instead of trying to fiddle with the patch straight away.

i would of thought of setting this to 10 connectons per 5 secs as any new half connections that are been opened after 10 will be droped (i gessing) forceing an higher setting will just make it drop the 20 half open connections that emule just tryed to open (say emule just tryed to open 30) so we lose sources

but it looks like it will just que them but i wunder how big windows que is (sounds like QoS queing) so setting an higher number is not so good as emule will probly time out if the per 5 secs is to big

We were talking about viruses,
detection without antivirus, firewall...
I don´t use antivirus, nor firewall...
I just use a task killer, and hijackthis...
I always look to startup process, and then, if there´s a souspicios one, I delete the entry...
and when I´m downloading, I use Netstat, and Essential net tools...
and if you see a souspicios .exe, dll, com, or wathever, go ans ask the "google"...
if they say something like virus, adware, troyan, spyware, etc, delete it...
ready
and if you´re still doubting, use an online scanner...
good share to all!!!

Seems to work OK for me Very quick installation

this is going to invite peeps who are going to post an link that is going to do something bad

I really can't believe that people does trust some exe placed in a server "https://a833.c1s1.net" just by someone they don't know at all.

Well, SP2 hasn't made the slightest change in my average UL:DL without the patch. Admittedly I haven't felt any urge to see what the logs think about the situation.

not that it bothers me like coes my emule runs on an win2k pc my pc does run on XP but i have to test it over long time (like an week or so to see the difrence)

but i recommend just set the per 5 secs to 10 connectons as that should lower the likey hood of getting timed out half connections (basicly can you wate 5 mins longer to just ask sources as it will not inprove your download or slow it down setting this any way)

Security? You don't think virusmakers will add code to change these settings as well?

And don't you think that due to that possibility MS will try to disallow such changes to the system files?
(and then this patch will be useless and we're back to the starting point: if there's a problem in the app fix the app instead of patching the OS)

That's pretty funny... the "moment" I clicked save on my tcpip.sys file, my downloads took off.. too funny.

Hey people, check this out:

http://forum.emule-project.net/index.php?showtopic=57525

Pretty good, huh ?

Important patch???



The whole story.

WinXP SP2 = security placebo?

THANKS THANKS THANKS!!!!!!!!

The patch mentioned here is working perfect for me.
After the installation of SP2 I didn`t have any downloads only uploads.
After running the patch EMule download is back to 30kb/s!!

The 50 connections per second wasn`t enough! I have set it to 1000000 and that is working fine.