SlightlyLoony
Tera Contributor
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
05-21-2009
07:26 AM
A Discovery user recently bumped into a Windows "feature" that had the unhappy effect of forcing the normally zippy Shazzam probe to slow itself way down — by a factor of over 100. Yikes! What has Microsoft foisted upon us this time?
It's called "concurrent, incomplete outbound TCP connection attempt limiting". This feature is on by default in Windows XP SP2 and up, and off by default on Windows Vista. We haven't found documentation on other Windows versions — if you've got experience with this feature on them, please let us know. To quote Microsoft's TechNet (more here😞
Establishing connection—rate limitations helps to limit the speed at which malicious programs, such as viruses and worms, spread to uninfected computers. Malicious programs often attempt to reach uninfected computers by opening simultaneous connections to random IP addresses. Most of these random addresses result in failed connections, so a burst of such activity on a computer is a signal that it may have been infected by a malicious program.
Connection-rate limitations may cause certain security tools, such as port scanners, to run more slowly.
Connection-rate limitations may cause certain security tools, such as port scanners, to run more slowly.
So … basically, if you have this feature enabled then Windows thinks Shazzam (and other port scanners like it) is evil, and slows things way down (while simultaneously polluting the event log with error events). The solution, fortunately, isn't very hard: don't run a MID server on Windows XP, and don't enable this feature on any server version of Windows (we're guessing that it's available on Windows 2003 as well) if you want to run a MID server on it.
Thanks a bunch, Bill...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.