From: "Hrvoje Mesing" 

Hi,

well, nice:

Event Type: Warning
Event Source: Tcpip
Event Category: None
Event ID: 4226
Date:  4.4.2005
Time:  14:27:40
User:  N/A
Computer: *****
Description:
TCP/IP has reached the security limit imposed on the number of concurrent
TCP connect attempts.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:

...

When You check the web page You get:


            Proizvod: Windows Operating System
            ID: 4226
            Izvor: Tcpip
            Verzija: 5.2
            SimboliŠki naziv: EVENT_TCPIP_TCP_CONNECT_LIMIT_REACHED
            Poruka: TCP/IP has reached the security limit imposed on the
number of concurrent (incomplete) TCP connect attempts.

            Obja1njenje
            The TCP/IP stack in Windows XP with Service Pack 2 (SP2)
installed limits the number of concurrent, incomplete outbound TCP
connection attempts. When the limit is reached, subsequent connection
attempts are put in a queue and resolved at a fixed rate so that there are
only a limited number of connections in the incomplete state. During normal
operation, when programs are connecting to available hosts at valid IP
addresses, no limit is imposed on the number of connections in the
incomplete state. When the number of incomplete connections exceeds the
limit, for example, as a result of programs connecting to IP addresses that
are not valid, connection-rate limitations are invoked, and this event is
logged.

            Establishing connection-rate limitations helps to limit the
speed at which malicious programs, such as viruses and worms, spread to
uninfected computers. Malicious programs often attempt to reach uninfected
computers by opening simultaneous connections to random IP addresses. Most
of these random addresses result in failed connections, so a burst of such
activity on a computer is a signal that it may have been infected by a
malicious program.

            Connection-rate limitations may cause certain security tools,
such as port scanners, to run more slowly.


            KorisniŠka akcija
            This event is a warning that a malicious program or a virus
might be running on the system. To troubleshoot the issue, find the program
that is responsible for the failing connection attempts and, if the program
might be malicious, close the program as follows.

            To close the program

              1.. At the command prompt, type
              Netstat -no
              2.. Find the process with a large number of open connections
that are not yet established.
              These connections are indicated by the TCP state SYN_SEND in
the State column of the Active Connections information.
              3.. Note the process identification number (PID) of the
process in the PID column.
              4.. Press CTRL+ALT+DELETE and then click Task Manager.
              5.. On the Processes tab, select the processes with the
matching PID, and then click End Process.
              If you need to select the option to view the PID for
processes, on the View menu, click Select Columns, select the PID (Process
Identifier) check box, and then click OK.



--------------------------------------------------------------------------


            Trenutno u bazi znanja Microsoft Knowledge Base nema (THERE IS
NO ANY) dostupnih Šlanaka o toj specifiŠnoj pogre1ci ili poruci o dogaëaju.
Za dodatne informacije o ostalim mogu‘nostima podr1ke koje mo1ete koristiti
da biste prona1li odgovor u mre1i posjetite
http://support.microsoft.com/default.aspx.


      ...

      .. so, this is phunny as I'm only using this machine for News and Web
in the moment :)))))))

      + this is something that should protect somebody else from somebody
else somewhere there, etc., etc.
      + LOL {at} PRO ver. of a Windows Operating system.
      + suggestion ?! To kill the process ?! Why ?! Wtf ? Why would I kill
the process that is normally running ? It is OE or IE.
      + netstat -ao is the only way to check what is really going on on the
*Proffesional* version of the Win OS ?!?!?! - MS is again funny.

      When this will end ?!
      Will We see more of this in Longhorn ?!
      If yes, I'll promptly forget about Windows and find a job in *Nix
world.

*Hell*

+ this is stopping/halting my normal work.
*%#"/)"/(?%!?%/)?#$)/#?%)%$?)/?$&)?*

Bye + Sorry,


-+-
M.

--- BBBS/NT v4.01 Flag-5