Event ID 4226 Patcher
- Reportedly a patch similar to BIOT (eEye)
- It came up in a discussion somewhere, so I'm noting it here
- Also, some links that look related
Limited number of simultaneous incomplete outbound TCP connection attempts (Microsoft)
Microsoft Windows Server 2003 TCP/IP Implementation Details (Microsoft)
NetCrunch and Windows XP SP2 (AdRem Software)
Security in Microsoft Products with Mike Nash
Mike Nash (Expert):
Q: We've seen some OS crippling in XP SP2. Does MS think this is truly useful mitigation for when a user has run arbitrary, unmanaged code? ("Immutable laws of security...") Should we expect to see a lot of capabilities in Longhorn trimmed in similar attempts?
A: So I assume you are referring to the changes in SP2 to limit the amount of TCP connections over raw sockets and simultaneous incomplete outbound TCP connection attempts. These were done to limit the ability of malicious code to create distributed denial-of-service attacks and limit the ability to send spoofed packets, which are TCP/IP packets with a forged source IP address. Also, these changes help to limit the speed at which malicious programs, such as viruses and worms, spread to uninfected computers. Malicious programs often attempt to reach uninfected computers by opening simultaneous connections to random IP addresses. Most of these random addresses result in a failed connection, so a burst of such activity on a computer is a signal that it may have been infected by a malicious program. We will look at other methods malicious code writers are using and make sure that they are architected correctly to allow proper functionality while limiting their ability to impact customers.