Windows Xp Service Pack 2

**4play** · 08-13-2004, 12:29 PM

What new functionality is added to this feature in Windows XP Service Pack 2?
Restricted traffic over raw sockets

Detailed description

A very small number of Windows applications make use of raw IP sockets, which provide an industry-standard way for applications to create TCP/IP packets with fewer integrity and security checks by the TCP/IP stack. The Windows implementation of TCP/IP still supports receiving traffic on raw IP sockets. However, the ability to send traffic over raw sockets has been restricted in two ways:

TCP data cannot be sent over raw sockets.

UDP datagrams with invalid source addresses cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped.

Why is this change important? What threats does it help mitigate?

This change limits the ability of malicious code to create distributed denial-of-service attacks and limits the ability to send spoofed packets, which are TCP/IP packets with a forged source IP address.

nice to see microsoft finally came to its senses and finally removed raw sockets. This does break a few programs like nmap and a few p2p apps but it can be worked around.

never really had a problem with the 10 incomplete connections everyone is gassing about. why is it affecting only certain p2p apps badly. maybe the protocol they use should be made more efficient, just a though.

**AndrewBarker** · 08-13-2004, 01:07 PM

Originally posted by 4play@13 August 2004 - 13:30
never really had a problem with the 10 incomplete connections everyone is gassing about. why is it affecting only certain p2p apps badly. maybe the protocol they use should be made more efficient, just a thought.

same here

and I'm averaging 100 connections at any one time, peaking at 267 over the last 24 hours (emule)

**Ariel_001** · 08-13-2004, 04:25 PM

Originally posted by AndrewBarker+13 August 2004 - 09:08--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (AndrewBarker @ 13 August 2004 - 09:08)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin-4play@13 August 2004 - 13:30
never really had a problem with the 10 incomplete connections everyone is gassing about. why is it affecting only certain p2p apps badly. maybe the protocol they use should be made more efficient, just a thought.

same here

and I'm averaging 100 connections at any one time, peaking at 267 over the last 24 hours (emule) [/b][/quote]
Same here, I don`t see any problems. Even thought I have mange to trigger it...

**abu_has_the_power** · 08-13-2004, 06:32 PM

right now, is the tcp limit to 10 the only problem with sp2? and how do i make it slipstream?

**lynx** · 08-13-2004, 07:12 PM

The problem occurs when you get 10 (or more if you've patched a higher number) consecutive failed connections. So if a p2p prog tries to make a connection to a sharer who's connection slots are full, that counts as a rejection. As soon as you get 10 consecutive failures like then your program is locked out from making any more connections (assuming I've understood things correctly). Things may appear ok at first but once you've triggered the block, as you disconnect from sharers I believe you may find things slowly deteriorating.

P2P clients could overcome this problem by accepting the connection, then sending a "not accepted" packet and then disconnecting. Emule may work this way, it is not an efficient concept but may explain why it doesn't have the same problems.

So for instance if you are using a version of bittorrent which uses a separate instance for each torrent you have 10 (or your patched number) consecutive failures for each torrent. On the other hand if you are using a client such as ABC which has one program for all torrents the limit applies to all your torrents combined so it is much more likely to occur.

There must be a way round this other than the patch. I think I've possibly thought of one myself (and it is very simple), but since it involves software rewrites there's not much point in revealing it here (PM me if you really want to know). As soon as the worm writers work it out the restriction is useless anyway.

**lynx** · 08-13-2004, 07:15 PM

Originally posted by abu_has_the_power@13 August 2004 - 19:33
right now, is the tcp limit to 10 the only problem with sp2? and how do i make it slipstream?

Here's a guide

**4play** · 08-13-2004, 07:18 PM

how to slipstream sp2

seems like a rather long winded process unless you are going to install it on lots of machines.

@lynx what is this miraculous work around we need to know

**chinook_apache** · 08-13-2004, 07:24 PM

just download ntlite and that has some steps and you can slipstream and create unatteneded cd. it is really easy to use

**abu_has_the_power** · 08-13-2004, 07:39 PM

thanks. i think i've done this b4, but i didin't know wat i did was called slipstreaming. so are there any other probs with sp2 rite now? i'm installing sp2 on a virtual pc. cuz if this 10 connections issue can be fixed easily, i'll update my current os with sp2 as well.

**abu_has_the_power** · 08-13-2004, 08:20 PM

is there any way i can slipstream sp2, xp, and the tcp fix to alow unlimited connections all together?

Thread: Windows Xp Service Pack 2

Thread Tools

Bookmarks

Bookmarks

Posting Permissions