Power Member
Joined: Mar 2003
Posts: 648

Quote:
200 is a bit low; the recommended value for both eMule and BitComet is 500. On my Windows XP I usually set it to the maximum value, 16777214.

Power Member
Joined: Oct 2002 Location: Zodiac Alliance of Freedom Treaty
Posts: 641

Although some people say that after switching to SP1 you no longer have to worry about running out of connections....
However... there is still a warning...
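
Major Member
Joined: Aug 2001 Location: Taichung
Posts: 186

http://gxdipw.bay.livefilestore.com...ckTcpipv744.zip
I'm currently using the file above on VISTA32 SP1 for "raising animals" (P2P).... Haven't run into any problems so far. Don't use the file above on X64. If something goes wrong, I take no responsibility whatsoever.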

Regular Member
Joined: Feb 2006
Posts: 88

Doesn't BitComet have a built-in crack that can raise the connection count to 500??
500 should be enough in most cases, right!!
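
Golden Member
Joined: Feb 2004 Location: From whence I came
Posts: 2,761

Everyone keeps going around in circles over a myth....
XP and Vista have never limited the number of connections; they only limit the number of connections requested "at the same time". Besides, if you install cFos, isn't there a web page telling you that experiments have shown 50 to be the best setting, and that going above it actually reduces efficiency?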
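
Power Member
Joined: Mar 2003
Posts: 648

So its test results are based on its own test environment and conditions.
If cFos were tested in an eMule, BT, or web-server-hosting environment, the best value would not necessarily be 50. When people generally talk about the connection limit, they are talking about the number of "simultaneous" connections.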

Master Member
Joined: Dec 2001 Location: Taichung County
Posts: 1,704

http://www.soft4fun.net/article.asp?id=390
I don't know whether this article is correct; otherwise, what is limited should be the number of connections "simultaneously waiting for a SYN-ACK packet". TCP connections that have completed the three-way handshake should not be limited...
__________________
Ryzen 5 2600X & ROG STRIX X370-F Kingston ECC U-DIMM DDR4-2666 16GB * 2 Gigabyte CV27F & MSI RX560 AERO 4G OC Cooler Master V750 Gold Fractal Design Define R6 CREATIVE GigaWorks T20II
This post was edited by fto on 2008-04-25 at 07:41 AM.

Power Member
Joined: Mar 2003
Posts: 648

I looked it up on Microsoft's official website.

[DOC] Service Pack Overview
http://download.microsoft.com/downl...view_120904.doc

SYN attack protection is enabled by default— To mitigate the impact on a host experiencing a SYN attack, TCP/IP minimizes the amount of resources devoted to incomplete TCP connections and reduces the amount of time before abandoning half-open connections. When a SYN attack is detected, TCP/IP in Windows Server 2003 and Windows XP lowers the number of retransmissions of the SYN-ACK segment and does not allocate memory or table entry resources for the connection until the TCP three-way handshake has been completed.

Transcript: Windows XP SP2: Windows Firewall, February 9, 2005
http://www.microsoft.com/windowsxp/...5_Feb09_wf.mspx

Grant_MS (Expert):
Q: is Microsoft intending to remove the cap on the number of sockets a program can open? It only lets an EXE open 20 sockets I believe.
A: I think that you're referring to the per-process cap on the number of half-open sockets, to prevent your computer from being used in denial of service and other attacks. The number of fully-connected sockets is not subject to this limitation, so an application can get around it simply by not opening sockets faster than they can connect. The limit on half-open sockets is an intended security feature and there is no intention to remove it.

Security Threats
http://www.microsoft.com/technet/ar...t.mspx?mfr=true

The goal of a DoS attack is to prevent hosts or networks from communicating on the network. An example of this type of attack is the SYN flood attack:

When a client attempts to contact a server service, the client and server exchange a series of messages. The client starts by sending a TCP connection request or SYN message to the server. The server responds to the SYN message with an acknowledgement ACK-SYN message. The client then acknowledges the server's ACK-SYN message with an ACK message. After these three actions take place, the connection between the client and server is open and they can exchange service-specific data.

The problem arises when the server has sent the SYN-ACK message back to the client but has not yet received an ACK response from the client. This is now a half-open connection. The server keeps the pending connection in memory, waiting for a response from the client. The half-open connections in memory eventually will time out on the server, freeing up valuable resources again.

Creating these half-open connections is accomplished with IP spoofing. The attacker's system sends a SYN message to the victim's server. These messages seem to be legitimate but in fact are references to a client system that is unable to respond to the server's SYN-ACK message. This means that the server will never be able to send an ACK message to the client computer.

The server now has half-open connections in memory and eventually will fill up the server connections. The server now is unable to accept any new connections. The time limit on half-open connections will expire. However, the attacker's system keeps sending IP-spoofed packets faster than the expire limit on the victim's server. In most cases the victim of such an attack will have difficulty accepting any new, legitimate incoming connections.

Microsoft PowerPoint - WORM04.ppt [Read-Only]
http://research.microsoft.com/~helenw/papers/worm04.pdf

Windows XP SP2: Securing the Network
• Windows firewall (ICF)
– On by default
– Stateful: automatically matching inbound traffic with outgoing requests
– Boot time security
– Limit the number of half open TCP connections to 10
– Application affected: those listen for unsolicited traffic (e.g., file/printer sharing, uPnP, remote desktop, remote admin, ICMP options)
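
The distinction drawn in the material quoted above (a cap on half-open connection attempts, no cap on established connections), shown as an added example that is not part of the thread or of any Microsoft code: a small discrete-event model of a client whose outbound connects are capped at 10 in flight. The function name, the 100 ms handshake time and the 21 s SYN timeout are assumptions chosen for illustration.

```python
import heapq

HALF_OPEN_LIMIT = 10   # value from the quoted slide; the timings below are assumed


def simulate(peers, limit=HALF_OPEN_LIMIT, rtt_ms=100, syn_timeout_ms=21000):
    """Model a client that starts connects as fast as the half-open cap allows.

    peers: iterable of bool, True if the peer answers the SYN, False if the
    attempt stays half-open until it times out.
    Returns (established, peak_half_open, last_established_ms).
    """
    pending = []                 # min-heap of (resolve_time_ms, answered)
    now = established = peak = last_ok = 0

    def resolve():
        nonlocal established, last_ok
        t, answered = heapq.heappop(pending)
        if answered:             # handshake completed: no longer half-open
            established += 1
            last_ok = t
        return t

    for answers in peers:
        while pending and pending[0][0] <= now:   # reap attempts already resolved
            resolve()
        if len(pending) >= limit:                 # cap reached: wait for a free slot
            now = resolve()
        wait = rtt_ms if answers else syn_timeout_ms
        heapq.heappush(pending, (now + wait, answers))
        peak = max(peak, len(pending))
    while pending:                                # let the remaining attempts finish
        resolve()
    return established, peak, last_ok


if __name__ == "__main__":
    # Constructed inputs: 500 responsive peers, then a list led by 10 dead peers.
    print(simulate([True] * 500))
    print(simulate([False] * 10 + [True] * 10))
    print(simulate([False] * 10 + [True] * 10, limit=1000))
```

With responsive peers, the established count grows without bound while at most 10 attempts are ever half-open. When unanswered attempts occupy every slot, the next connects wait for the timeout, which is the only place the cap is felt.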
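
Junior Member
Joined: Jan 2003 Location: Shattrath City
Posts: 948

What it should mean is.. once a connection has been established, it is not subject to the limit.
It's just that, logically, this is quite a problem for P2P software, and in turn it sometimes affects normal web browsing, because P2P software keeps talking to the server board and then updates its connection list. Each updated connection list first has to request the SYNC connection step before P2P can do its job. Although 10 connections per second are allowed, for P2P users, if your seed is popular, 10 SYNC requests are simply not enough. That then indirectly affects software that needs to stay connected to a server, such as MSN and RSS. Actually, for ordinary use, 10 sync is enough; I just think MS's approach is too lazy. Why not develop some IDS-like software for desktop users, instead of coming up with this lazy method?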
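
Basic Member
Joined: Nov 2004 Location: tw
Posts: 17

Quote:
Same here, I didn't even see tcpsis appear. Choosing safe mode doesn't get in either; it just keeps rebooting. Before, when I updated to SP1 and ran into this situation, I just kept reinstalling.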