Explanation: When Windows NT attempts to make a socket connection, it sends out a SYN packet to the remote computer and waits for a reply. If no reply occurs within the timeout period (the default is three seconds), it then doubles the timeout period and retries the connection attempt. Every socket left open in this state consumes non-pageable kernel memory, and if too many sockets are not resolved, the host can run out of RAM. Since the problem is caused by non-pageable RAM consumption, Windows NT will essentially halt, and you will experience approximately two minute waits on response to toggling a caps lock key. The system will eventually recover, but it could take hours. ISS has advised Microsoft of this problem, and advised them that the amount of non-page pool that open sockets can consume should be a tuneable parameter. However, Microsoft has not (to the best of our knowledge) conceded that this is actually a problem, and to be fair, only an extremely intensive application such as Internet Scanner may be capable of reproducing this problem.
This problem typically occurs while scanning a network where ICMP traffic is filtered. If ICMP traffic is not filtered, the host machine can reply to a connection attempt with either a SYN-ACK (success), or an ICMP port unreachable. In either case, the connection attempt can be resolved.
Remedy: To avoid this potential performance degradation, follow these steps:
Open the Registry editor (either regedit.exe or regedt32.exe).
Locate the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters key, and insert the following values:
TcpMaxConnectAttempts, with type REG_DWORD, and a value of 3
TcpMaxConnectRetransmission, with type REG_DWORD, and a value of 3
For additional information regarding these parameters, please refer to your Microsoft Windows NT Resource Kit.
Warning: Incorrectly using Registry Editor may cause severe and irreparable damage and may require you to reinstall your operating system. Internet Security Systems cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.