2004-08-21

TCP Apocalypse

In the event of pressure loss
All our lines are busy now
I will be laughing out loud anyhow.
— David Byrne, "Tiny Apocalypse"

Windows XP SP2 rate limits how many open TCP connections you can create at once. Nobody told me this. For 99.999997% of the world's computer-using population, this is fine. Beneficial, even, since rate limiting helps stem the spread of viruses and worms, and even diminishes the strength of individual zombies in a DDoS attack.

But I just don't care for that word, "limit". "Limit" means that a bunch of eggheads in Redmond have decided how I am allowed and not allowed to use my computer. That irks me. I cannot say I blame them. See the aforementioned percentage of people for whom rate limiting is no problem. Still, it bothers me.

Now before you freak out and decide that SP2 is the Devil and you shouldn't install it on your system, I say you this: relax. Take a deep breath. We're going to get through this. First, we need to understand what's going on here. Then we'll work on fixing it.

Microsoft has imposed in Windows XP SP2 a limit of 10 open TCP connections at once. Here is why that matters. When your system runs viral code, the last thing the virus usually does is retransmit itself, usually by soaring across networks just as fast as it can, trying to exploit the same hole that let it infect its current host. If you've ever seen viruses run, they open a ridiculous number of connections at random and hope to hit something. This is usually what tips people off that something is wrong on their Windows 95 machine: stuff just grinds to a halt for no apparent reason. There is a reason, and it's because your system is chatting its little heart out, much to the detriment of your enjoyment of Word and Photoshop and FreeCell.

So you can understand why, when building a service pack with an emphasis on system security, Microsoft wouldn't exactly notice that it's confused "security" with "preventative mutilation". It's a fact that crime suspects often flee from police on foot. So you rigorously teach people that breaking the law is bad, and you shouldn't do it. Then you amputate everybody's legs, just to be sure. I'm not saying I don't like the idea; in fact, I love it. Here's why: viruses that will inevitably circumvent the security measures of SP2 will, unless they additionally circumvent the TCP connection rate limiting feature, not spread nearly as fast.

Admit it. There's a reason why they called it the Slammer worm. And Blaster blasted at every router in the world in about three days. Infection is bad enough, but transmission is the real threat. By clamping down on how fast an infected host can infect others, you essentially reduce the severity of the attack simply by giving others a fighting chance at patching in time. Fewer hosts are infected because fewer hosts are being contacted. Bandwidth consumption stays low. Sysadmins rejoice, somewhat. TCP rate limiting for the masses is wonderful. Bravo, Microsoft.

Here's the problem. Some software should be allowed to open several TCP connections at once. You know what I'm talking about. It's P2P software. Things like BitTorrent, KaZaa, and Gnutella all depend on several coexisting P2P connections, all of which communicate exactly like a virus does. You might say that viruses were the original P2P applications.

So if you want to run your P2P stuff, you're going to be severely hurting if you run SP2, because now you're hard-limited to opening 10 connections at once. This shouldn't hurt your P2P stuff, but it does. This isn't Microsoft's fault, it's the P2P programmers' fault. Hey, guys: write better software.
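The two claims above, that the cap slows down a host that sprays connections at random, and that well-written P2P software shouldn't feel it, can be tried out with a small simulation. This is an added example, not code from this post or from the German patch page it refers to. It assumes what SP2 actually does: the cap applies to outbound connection attempts that have not yet completed, so an attempt to a host that never answers holds a slot until the SYN gives up (taken here as 21 seconds, an assumed value), while a peer that answers promptly frees its slot almost immediately. The three workloads are constructed, not captured from a real network, and the 10 and 50 figures are the stock and patched limits the post describes.

```python
"""Toy model of the Windows XP SP2 outbound connection limiter.

Added illustration, not code from this post or from the patch it links to.
Assumptions, all labelled: the limiter caps how many outbound connection
attempts may be *incomplete* at the same time (how SP2 implements the
"10 connections" limit); attempts over the cap wait in a queue until a
slot frees; a SYN to a host that never answers is abandoned after
SYN_TIMEOUT seconds. The workloads at the bottom are constructed.
"""
from collections import deque
import heapq

SYN_TIMEOUT = 21.0  # assumed: seconds an unanswered connect attempt ties up a slot


def simulate(targets, limit, horizon):
    """Drive `targets` through the limiter for `horizon` simulated seconds.

    targets: sequence of (host, delay); delay is seconds until the peer
             answers the SYN, or None for a host that never answers.
    limit:   cap on concurrent incomplete attempts (10 for stock SP2,
             50 after the patch the post describes), or None for no cap.
    Returns (attempts_started, hosts_reached) within the horizon.
    """
    pending = deque(targets)   # attempts waiting for a free slot, in order
    in_flight = []             # heap of (finish_time, host, answered)
    now = 0.0
    started = reached = 0
    while now <= horizon:
        # Fill free slots from the queue; with no cap everything starts at once.
        while pending and (limit is None or len(in_flight) < limit):
            host, delay = pending.popleft()
            finish = now + (SYN_TIMEOUT if delay is None else delay)
            heapq.heappush(in_flight, (finish, host, delay is not None))
            started += 1
        if not in_flight:
            break                      # nothing left to wait for
        finish, host, answered = heapq.heappop(in_flight)
        if finish > horizon:
            break                      # next slot frees after the window closes
        now = finish                   # jump to the next completion
        if answered:
            reached += 1
    return started, reached


def compare(targets, horizon=60.0, limits=(10, 50, None)):
    """Run one workload under each limit; returns {limit: (started, reached)}."""
    return {limit: simulate(targets, limit, horizon) for limit in limits}


# Constructed workloads.
# A worm-style scanner: sprays connects at addresses that mostly do not answer.
SCANNER = [("10.0.%d.%d" % (i // 256, i % 256), None) for i in range(1000)]
# A tidy P2P client: only dials peers it recently heard from, so they answer fast.
P2P_FRESH = [("peer%d" % i, 0.1) for i in range(40)]
# A sloppy P2P client: dials a stale peer list where four out of five are gone.
P2P_STALE = [("peer%d" % i, 0.1 if i % 5 == 0 else None) for i in range(200)]

if __name__ == "__main__":
    for name, workload in (("scanner", SCANNER), ("p2p fresh", P2P_FRESH),
                           ("p2p stale", P2P_STALE)):
        for limit, (started, reached) in compare(workload).items():
            print("%-10s limit=%-4s attempts started in 60s: %4d, peers reached: %3d"
                  % (name, limit, started, reached))
```

Under the stock cap the scanner gets 30 attempts out in a minute instead of 1000, which is the whole point of the feature. The client that only dials fresh peers finishes all 40 connects in well under a second at the same cap, because a peer that answers gives the slot straight back; the one that chews through a stale peer list stalls on dead entries exactly like the scanner does, which is what "write better software" means in practice.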

I simply haven't been able to run certain applications since installing SP2, and the TCP rate limiting feature is why. So here's how to fix it. God bless the Germans.

The Germans have a page detailing how to fix this rate limiting. If you're good, I mean really superb, you can hex edit the Windows system file "tcpip.sys" to remove the rate limit. Mere plebeians such as myself should probably stick to running the patch program instead. There is no shame in not fucking up your XP system. Take it from one who knows.

The patch will not turn off the rate limit, but rather increase it to 50, which should be plenty, even for the remaining 0.000003% of the population. I can think of five people who would be hurt by a rate limit of 50 connections. Three of them would probably be breaking the law in the first place. 50 is plenty: for you, for me, for everyone, for now.

Don't be stupid: before you run the patch, create a system restore point, then patch, then reboot ASAP. You will be warned that system files have changed. That's to be expected, since that's exactly what you've just done. But when you reboot, your limit of 10 new TCP connections will be a limit of 50. Viva P2P.
