因为几个会员的回帖过于分散，我重新把关于这一话题的内容都贴在这里。

Quote:

下面是引用meet2002于2004-08-29 8:25 AM发表的 [分享]突破SP2的最大连接数限制:
使用Windows XP + SP2 or Windows 2003者的福音！

以下是原文（英文），翻译：sos0716

Event ID 4226 Patcher
What's this all for?
After almost everybody knows the >, I used a day to create for educational purpose a fix for this argumentative feature.
Unfortunately there exists no REG-key which could easily be set (would be so nice and easy, right? *smile*). The file TCPIP.SYS in the directory C:\WINDOWS\SYSTEM32\DRIVERS and C:\WINDOWS\SERVICEPACKFILES\I386 has to be changed (system dependend eventually in C:\WINDOWS\SYSTEM32\DLLCACHE, too).


Needed things:
- Windows XP SP2 (from RC2 upwards) or Windows 2003 Server SP1 beta
- patcher (2.10a)
- a small amount of time

What's been done:
To say it easy: the before 10 half-open connections are beeing increased to 50 (can be changed with the parameter /L) and the CRC is been corrected. And that's it!
What exactly is changed (for build 2092-2180), can be read in the howto.

Comment:
The method described here, should only be used by users, who know how to handle all the described. With the download of the here published program the user know, that changes are made on third party files. For damages in every kind I cannot be hold responsible for. Indeed, tests worked fine here. However, nothing is impossible.
Inf When error occurs, the patcher can change the TCPIP.SYS back to the original!

Instruction:
Just download the patcher and execute it. It will automatically find the windows directory and ask, if it should increase/decrease. For higher values, please check the help with parameter /?.
After a successful patch, the new TCPIP.SYS will be automatically installed. After that, the computer should be restartet.

当几乎每个人都知道了“事件ID4226：TCP/IP已经达到了安全限制将影响TCP同时连接请求的数量”的时候，我花了一天时间为这个有争议的部分做了一个补丁。

很不幸没有找到可以设置的注册表键值（实际上网上最开始流传的新建TcpNumConnections修改后无效），文件TCPIP.SYS 已经被修改了，该文件在 C:\WINDOWS\SYSTEM32\DRIVERS C:\WINDOWS\SERVICEPACKFILES\I386，以及C:\WINDOWS\SYSTEM32\DLLCACHE（系统隐藏文件夹）。
需要如下步骤：
- XP SP2 RC1/RC2/RC2-2 (Build 2096/2149/2162/2180)
- patcher (2.10a)
- 少许时间
做了些什么：
简单点说：小于10个半打开的连接将会增加到50（后面有张图，是手动修改的，作者只是改到了50，他认为够了（which should be enough for heavy users and should be save enough agains worm spreading），在安全和连接数之间找了个平衡，呵呵，有兴趣的可以再改，改到和原来一样）。

建议：
介绍的方法，最好是那些熟悉怎么操作的用户使用。改变来自第三方的文件，我不承担后果等等。。。（不翻了，说重要的）
步骤：
把C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS 复制到一个新文件夹，如c:\fix，把补丁也放到该文件夹，运行补丁，他会自动找到TCPIP.SYS打补丁，如果已经打过，它会问你是否还原（出了错就可以还原，呵呵）
重起，按F8进安全模式，把TCPIP.SYS复制到C:\WINDOWS\SYSTEM32\DRIVERS\、C:\WINDOWS\SERVICEPACKFILES\I386、C:\WINDOWS\SYSTEM32\DLLCACHE下替换原来的文件
重起，OK了

有提示，直接运行即可(因软件更新上面翻译可能有出入)，下载觉得有用就请支持一下。

Quote:

下面是引用okuni于2004-08-30 6:41 PM发表的 【辟谣】WinXP SP2 的所谓连接限制:
有人在 p2p 论坛上关于 system event id 4226 的讨论。还有人发布了补丁：


http://www.lvllord.de/

经我研究，报告如下：

1、用 TCPView 没有发现连接数减少，我的一个 emule 端口已建立连接数上百。
2、系统日志中的确有 4226 警告

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

3、微软网站上说明：

SP2 Changes for Network Protection

引用:
Limited number of simultaneous incomplete outbound TCP connection attempts
Detailed description

The TCP/IP stack now limits the number of simultaneous incomplete outbound TCP connection attempts. After the limit has been reached, subsequent connection attempts are put in a queue and will be resolved at a fixed rate. Under normal operation, when applications are connecting to available hosts at valid IP addresses, no connection rate-limiting will occur. When it does occur, a new event, with ID 4226, appears in the system’s event log.

Why is this change important? What threats does it help mitigate?

This change helps to limit the speed at which malicious programs, such as viruses and worms, spread to uninfected computers. Malicious programs often attempt to reach uninfected computers by opening simultaneous connections to random IP addresses. Most of these random addresses result in a failed connection, so a burst of such activity on a computer is a signal that it may have been infected by a malicious program.

What works differently?

This change may cause certain security tools, such as port scanners, to run more slowly.

How do I resolve these issues?

Stop the application that is responsible for the failing connection attempts.



原来不是限制同一个端口上的连接数。这个改变只是延缓并发连接，目的在于防止 DDOS ，或者其它蠕虫病毒的攻击。

还好没打那个所谓的什么补丁。提醒大家切莫上当。

bbsriver 动作好快呀，谢谢bbsriver 这种对技术负责和允许讨论的精神，支持……

的确有问题！我扫描的时候，根本不行，sp2 对正在连接的连接数做了限制啦！

我进行了测试,在我的机器上,打不打补丁,4226照样出来,而且,前后我的下载没有明显的变化,
所以,我劝大家还是不要打的好!