From: "Glenn Meadows" 

What kind of box?  XP Home, XP Pro, Win2K Pro, Win2K Server?  Isn't there a
10 client connect limit in the XP boxes and 2K Pro?

--

Glenn M.
"Hrvoje Mesing"  wrote in
message news:42516e5b{at}w3.nls.net...
> Hi,
>
> well, nice:
>
> Event Type: Warning
> Event Source: Tcpip
> Event Category: None
> Event ID: 4226
> Date:  4.4.2005
> Time:  14:27:40
> User:  N/A
> Computer: *****
> Description:
> TCP/IP has reached the security limit imposed on the number of concurrent
> TCP connect attempts.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
> Data:
>
> ...
>
> When You check the web page You get:
>
>
>            Proizvod: Windows Operating System
>            ID: 4226
>            Izvor: Tcpip
>            Verzija: 5.2
>            SimboliŠki naziv: EVENT_TCPIP_TCP_CONNECT_LIMIT_REACHED
>            Poruka: TCP/IP has reached the security limit imposed on the
> number of concurrent (incomplete) TCP connect attempts.
>
>            Obja1njenje
>            The TCP/IP stack in Windows XP with Service Pack 2 (SP2)
> installed limits the number of concurrent, incomplete outbound TCP
> connection attempts. When the limit is reached, subsequent connection
> attempts are put in a queue and resolved at a fixed rate so that there are
> only a limited number of connections in the incomplete state. During
> normal operation, when programs are connecting to available hosts at valid
> IP addresses, no limit is imposed on the number of connections in the
> incomplete state. When the number of incomplete connections exceeds the
> limit, for example, as a result of programs connecting to IP addresses
> that are not valid, connection-rate limitations are invoked, and this
> event is logged.
>
>            Establishing connection-rate limitations helps to limit the
> speed at which malicious programs, such as viruses and worms, spread to
> uninfected computers. Malicious programs often attempt to reach uninfected
> computers by opening simultaneous connections to random IP addresses. Most
> of these random addresses result in failed connections, so a burst of such
> activity on a computer is a signal that it may have been infected by a
> malicious program.
>
>            Connection-rate limitations may cause certain security tools,
> such as port scanners, to run more slowly.
>
>
>            KorisniŠka akcija
>            This event is a warning that a malicious program or a virus
> might be running on the system. To troubleshoot the issue, find the
> program that is responsible for the failing connection attempts and, if
> the program might be malicious, close the program as follows.
>
>            To close the program
>
>              1.. At the command prompt, type
>              Netstat -no
>              2.. Find the process with a large number of open connections
> that are not yet established.
>              These connections are indicated by the TCP state SYN_SEND in
> the State column of the Active Connections information.
>              3.. Note the process identification number (PID) of the
> process in the PID column.
>              4.. Press CTRL+ALT+DELETE and then click Task Manager.
>              5.. On the Processes tab, select the processes with the
> matching PID, and then click End Process.
>              If you need to select the option to view the PID for
> processes, on the View menu, click Select Columns, select the PID (Process
> Identifier) check box, and then click OK.
>
>
>
> --------------------------------------------------------------------------
>
>
>            Trenutno u bazi znanja Microsoft Knowledge Base nema (THERE IS
> NO ANY) dostupnih Šlanaka o toj specifiŠnoj pogre1ci ili poruci o
> dogaëaju. Za dodatne informacije o ostalim mogu‘nostima podr1ke koje
> mo1ete koristiti da biste prona1li odgovor u mre1i posjetite
> http://support.microsoft.com/default.aspx.
>
>
>      ...
>
>      .. so, this is phunny as I'm only using this machine for News and Web
> in the moment :)))))))
>
>      + this is something that should protect somebody else from somebody
> else somewhere there, etc., etc.
>      + LOL {at} PRO ver. of a Windows Operating system.
>      + suggestion ?! To kill the process ?! Why ?! Wtf ? Why would I kill
> the process that is normally running ? It is OE or IE.
>      + netstat -ao is the only way to check what is really going on on the
> *Proffesional* version of the Win OS ?!?!?! - MS is again funny.
>
>      When this will end ?!
>      Will We see more of this in Longhorn ?!
>      If yes, I'll promptly forget about Windows and find a job in *Nix
> world.
>
> *Hell*
>
> + this is stopping/halting my normal work.
> *%#"/)"/(?%!?%/)?#$)/#?%)%$?)/?$&)?*
>
> Bye + Sorry,
>
>
> ---
> M.
>

--- BBBS/NT v4.01 Flag-5