Security Windows XP SP2 Kills Internet Connections!

Posted by Raven on (10310 views)
Have you noticed that, inexplicably, after applying XP SP2, certain web pages seem to load slower? Are you experiencing slower/different ftp connection issues? Dropped ftp connections? If you have any of these symptoms and/or other 'out of the blue' issues with performance where multiple TCP connections are needed, you MUST read on! Billy Gates strikes again, apparently continuing to believe that MS knows better than you what your system needs are :GRRRRR:! For a resolution to these issues, see this article at Raven's site.

Comments


Just for clarification, this is not IE, per se, related. It is the TCP stack that is affected and 100% of all XP SP2 installations are affected. You may not need/use multiple connections, but the connections used to be settable in SP1 and were, by default, unlimited. Now they are not settable (without intervention) and are defaulted to 4. If you are using an ftp client that tries to open up multiple connections to speed up transfers and you are perhaps viewing a site with 100 images to display (this is just an example), you will not have the speed that you once had. Obviously these fixes would not be available (nor needed) if things had not changed, and for the worse. Your mileage may vary, but make no mistake that everyone is affected.

Score: 0 |

My understanding is that the new settings are in reference to finally establishing limits for RAW IP sockets. Given that your programs would not be using a Raw IP Socket but rather TCP and/or UDP, you and everyone else are unaffected. RAW Sockets are primarily used in protocol analysis and security tools... Your FTP program should be using stream or datagram for performance anyway. Sure, if you have 500 screens open to "Ping" people, you'll be affected, but let's be real here.

As I see it, the real issue here is how Microsoft was handling RAW sockets before. Raw Sockets are known to be a serious exploitable flaw in Microsoft's OS's (even still), but especially given that XP makes such a great launchpad for Trojans or viruses by having the ability to open a thousand Raw streams for them to propagate themselves by randomly checking for available IP addresses using the unrestricted (GOD LEVEL if you will) RAW sockets.

That is still the case under SP2, but now you would see errors if this happened as the number of available Raw Sockets has been restricted by the Security update.

Your dedicated communications software and applications shouldn't be using RAW sockets in the first place as the default permissions for this type of socket are unrestricted. These packages that don't use TCP or UDP instead use either Streaming or datagram sockets for communications and thus are unaffected by the change anyway. The only people that will notice ANY difference are security professionals in that the restriction of the Raw Sockets API prevents certain penetration test tools from running. Further, if you have XP running sniffer software, yes... you'll see a difference (I know this first hand), but you shouldn't be using XP for that kind of thing in the first place!

Again, SP2 is intended primarily as a security update. On the whole it goes a long way in addressing many of those issues. Raising this issue about Raw Sockets is a red herring.

Score: 1 |

On the contrary, ftp clients and other P2P communications use various low-level and TCP socket communications. This change by MS hinders these and in my particular case nearly brought me to a stand-still as it has countless others. Instead of trying to discredit this post and fix, either use it or don't. I don't really care. As I said before, if it wasn't an issue, there wouldn't be a fix. If you're not affected, then great. Many are and this is the only recourse available. BTW, PHP has built-in support for RAW SOCKET communications so it is a part of the core PHP support for serious developers. This is not only a common way to write communication applications but is the fastest way also.

Score: 1 |

Yes, PHP has raw socket communications abilities, but you need to understand that these are intended for INTERNAL server use, thus you don't need to cross the TCP or UDP layers. I mean, why would you need to validate already permissioned internal server communications?

I'm not discrediting the post for what it is, but rather for its lack of understanding of what Raw is and what it does. Raw does NOT use TCP or UDP, it bypasses it. So to say that Raw sockets are in any way related to TCP or UDP port modification in SP2 is flat out wrong. Those changes are different and intended to address other problems.

P-2-P file sharing software utilizing raw sockets exposes your PC to various security issues and this is just another reason why those that utilize this methodology of communications should be avoided at all costs. You have to understand that they don't have to use raw, they could use streaming sockets which are by nature secured with data validated through the TCP layer. Again, my comments about the thread are directly relating to people not understanding the underlying issue that Microsoft's implementation of Winsock is flawed by design. Everyone in the communications field has always known this... Even Microsoft on various occasions has admitted as much.

I'm not saying that some of the changes implemented by SP2 won't affect YOU, I'm saying for the vast majority of users, the changes fix problems and plug (or at least restrict or identify) major security flaws in the design of the Operating System and Communications stack. I'm also not saying that some of the changes could corrupt your existing build, as depending on your libraries and applications, this too is possible. This isn't a raw sockets issue though, it's a build and library construction issue. The two are vastly different.

Again, if you are finding that you need hundreds of raw sockets, then you shouldn't be running XP in the first place, you should be using Linux where you can monitor them directly and where they won't work at all without assigning formal permission for each individual socket by the administrator, or better yet, if you must use MS, you should be changing your applications to those that use proper, authenticated communications methodologies or at least running Server software like Windows 2000 Server. Trying to say that a Client Operating System like XP needs to have hundreds of open raw sockets is like saying that you need your supercomputer to play Doom. It's just not designed to do that, nor should it be.

Score: 1 |

I could no longer reliably load my own web page into my PC regardless of which browser I used. Apache opens as many child processes as it needs and for whatever reason it was feeding more connections (4 is the new default) than what I could reliably receive. And, so far, 100% of the people who were telling me my page was suddenly loading slower have all said after applying this fix, all is well again. I even saw improvement when I bumped the 4 up to 10. I rely on my virus scanning applications to handle the viruses and trojans. I am not going to have my resources blocked by MS simply because they do not know how to write secured software. I do not play any games. As I said, I had problems immediately when only using a browser!

Score: 1 |