Originally posted by: bsobel
And now, with XP SP2, it's not doing that. Only a single IP within that block is allowed access.
The important part of that quote was: "The third sentence, which says that 127.0.0.1 with a bitmask of 32 is the common implementation for loopback; a bitmask of 32 means that only 127.0.0.1 is loopback, not 127.0.0.x. The second sentence can be taken to imply that 127.x.x.x could all loopback, but the third says that this is not the ordinary implementation." I'm not saying MS shouldn't restore the previous functionality (it doesn't appear it was intentionally removed); I was just commenting that I don't think the RFC is as clear as you suggested on the issue. The hotfix is available, and it will migrate into a public fix after it gets regressed.
I was just trying to point out that, even as you quoted, the standard calls for the entire block of 127.x.x.x IPs to be considered the localhost loopback.
The fact that it also mentions that a common implementation only supports 127.0.0.1 doesn't make that the actual standard, IMHO, just an example. The actual standard reserves that entire IP range/block, and that fact is well understood among networking people. The fact that otherwise legitimate and working networking apps broke because of MS's code changes also tends to support that.
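The disagreement above is between the reserved block (127.0.0.0/8) and the "common implementation" (127.0.0.1/32). As an added example that is not part of the thread, the following Python (standard library only) checks an address against both readings and then empirically tests whether the host it runs on actually loops back traffic to that address, by binding a listener to it and connecting to it. On a stack that implements all of 127/8 the probe succeeds for 127.0.0.2; on one that only provides 127.0.0.1/32, as the thread says XP SP2 does, it fails.

```python
import ipaddress
import socket

# Constructed sample addresses: the ones the thread argues about, plus a non-loopback one.
SAMPLE_ADDRESSES = ["127.0.0.1", "127.0.0.2", "127.255.255.254", "10.0.0.1"]

LOOPBACK_BLOCK = ipaddress.ip_network("127.0.0.0/8")      # the reserved block
COMMON_LOOPBACK = ipaddress.ip_network("127.0.0.1/32")    # the "common implementation"


def in_reserved_loopback(addr: str) -> bool:
    """True if addr lies inside the reserved 127/8 block."""
    return ipaddress.ip_address(addr) in LOOPBACK_BLOCK


def in_common_loopback(addr: str) -> bool:
    """True only for 127.0.0.1, the narrow /32 reading of the RFC text."""
    return ipaddress.ip_address(addr) in COMMON_LOOPBACK


def host_treats_as_loopback(addr: str, timeout: float = 1.0) -> bool:
    """Bind a TCP listener to addr on an OS-chosen port and connect to it.
    Returns True if the bind, connect and accept all succeed, i.e. the local
    stack really does loop this address back; False on any socket error."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
            srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            srv.bind((addr, 0))          # port 0: let the OS pick a free port
            srv.listen(1)
            port = srv.getsockname()[1]
            with socket.create_connection((addr, port), timeout=timeout):
                conn, _ = srv.accept()
                conn.close()
                return True
    except OSError:
        return False


def report(addresses=SAMPLE_ADDRESSES):
    """Map addr -> (in 127/8, in 127.0.0.1/32, host loops it back or None if not 127/8)."""
    return {a: (in_reserved_loopback(a), in_common_loopback(a),
                host_treats_as_loopback(a) if in_reserved_loopback(a) else None)
            for a in addresses}


if __name__ == "__main__":
    for addr, (rfc, common, empirical) in report().items():
        print(f"{addr:16} 127/8={rfc!s:5} 127.0.0.1/32={common!s:5} host loops back={empirical}")
```

Run it on the affected and unaffected machines and compare the last column for 127.0.0.2.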
Originally posted by: bsobel
From my reading of the posts over on Neowin.net, the registry entry, or at least the previously-documented "TCPConnectionLimit" one, does not affect/mitigate the new TCP limitations introduced with XP SP2. If you are aware of a simple registry tweak to "turn off" that feature, I would be interested. I would much rather use a registry tweak than a hacked/patched system binary to fix that issue.
I might be wrong on this; there was a key (or at least I was told there was) during the beta. I didn't follow up (as I actually see this generally as a welcome change; it will help slow down future worms). I'll have to dig some more when I get back into the office. Curious though, why do you feel that you need this? (I suspect you're one of the folks who legitimately use portscanners, etc., but I thought I'd ask if there was a different reason.)
Cheers,
Bill
No, I don't do any portscanning; I'm just bothered by MS putting arbitrary limits on basic features of the OS. What's next? Only being allowed to run three programs at a time? (Oh wait, they already did do that...)
I know that I am vigilant enough in knowing my system's behavior and performance that my system is not at risk of spreading any sort of network-borne worms or malware. I agree, though, that just like the firewall being enabled by default now, it is generally a positive change for the majority of users out there, who either can't or don't properly administer their machines.
(Remember when the NT4 Workstation betas had an enforced limit of 10 incoming/listening TCP/IP connections? Thankfully MS listened to the harsh criticism at the time and changed it from a technical limit to an EULA-imposed limit by release, and therefore most people totally ignored it in practice. MS was just trying to prop up their monopoly and destroy their competitors in the emerging Win32-based web-server market. I believe that O'Reilly was very outspoken about this, because they also offered a Win32-based web server platform at the time that competed against the "free" IIS. Gotta love monopolies at work.)