UTorrent and Zon Alarm

[Eliksec]

OK here goes please no flaming this is genuine and has happened twice now.

Please read all before commenting.

1. I am using NOD 32 up to date legal copy and scan everything i have with this and NAV Corp Edition also.

2. I am using Webroot Spysweeper Legal Copy. Also for the purpose of this used all other Adaware Spybot search and destory plus others.

3. I like to think i am very security concious and am very IT savy to coin a pharse.

4. Zone Alarms the firewall of choice and yes legal copy and up to date.

(so please dont let this go into into what software are you using is it up to date as it is and i honour ohers opions but there are other forums for which software you prefer)

OK sorry to bore you with all that but here is the concern...........................................

Last night all fine playing WOW not a problem.

Today connection cuts out every 5 min or so whilst playing but is immediatly working after.

Nothing has been installed or uninstalled all downloads go to seperate PC and are rigorulsy tested and scaned before getting on this pc.

The only thing that has happened since yesterday is that Zone Alarm pops up and says the U torrent want to send email ....

Without think and yes i know stupid i click yes without thinking.

since then the problems have started.

4 calls to ISP provider and engineer out not the line.

Will reinstall to see if that rectifies the problem

Does anyone have any ideas or suggestions on anything else to try first. (I love U torrent and dont have a bad thing to say about it but this has happened twice now)

If its any help this current errors from error log

Event Source: Dhcp

Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address (DELETED by me). The following error occurred:

The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Event Source: Dhcp

The IP address lease (DELETED by me) for the Network Card with network address (DELETED by me) has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Event Source: Dhcp

Your computer has lost the lease to its IP address ............... (DELETED by me) on the Network Card with network address ..............(DELETED by me)

Event Source: Tcpip

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

[Chrono79]

I haven't Zone Alarm but used Kerio Personal Firewall before: Can't you edit firewall rules in ZA? Next time try answering No and see what happens.

[hofshi]

program control-->programs

will let you edit firewall rules in ZA.

[jaymz21]

i have a similar problem as you, eliksec. when i was still using 1.2.2, i encountered event 4226 quite regularly. since then, i've upped my half-opens at 25 increments per time. and also changed the settings for max half open in utorrent accordingly. however, it still occurs. bitcomet never needed more than 50 but i digress. right now, i'm on utorrent 1.3 and half-opens at 125. still getting event 4226.

also, i've encountered the zonealarm warning for utorrent wanting to send out emails. i clicked on No. no more such encounters after that.

[Firon]

event 4226 means that you're opening TOO MANY connections... raising the value would make it happen more, you have to use less (maybe 10 less) than what you set for TCPIP.sys

You have no reason whatsoever to have it so high anyway, 100 is more than enough (and net.max_halfopen set to 70)

[spriseris]

i use the TCPIP.SYS patcher from http://www.lvllord.de/

it allows you to set your halfopen connection limit above the WinXP SP2 limit of 10. 50 is a good number. Then set net.max_halfopen to 40. These recommendations come from reading a lot of faqs and message boards, mostly from my old bitcomet days.

[jaymz21]

understood. thanks guys. will do so once i'm able to.

[Eliksec]

I dont have any of the issues above with overloading so any other suggestions ?

[1c3d0g]

I don't quite understand this:

1. I am using NOD 32 up to date legal copy and scan everything i have with this and NAV Corp Edition also.

:|

Do you have 2 different Anti-Virus software running at the same time? If so, uninstall Norton and keep NOD32 only.

[Firon]

Let me quote the FAQ...

This is a false positive 99% of the time. Occasionally, peers use common service ports, such as 25, 80, and so on to bypass restrictions they may have on their ISP. The only exception is on start-up, where µTorrent loads a page on uTorrent.com to check for the latest version. This functionality can be disabled in the Options, on the General Options section: "Check for updates automatically."

It also connects to router.bittorrent.com if you have DHT enabled, this is REQUIRED for the functionality of DHT.

To put it simply, a false positive means that your firewall is WRONG.

So, to sum up, there's no e-mail being sent, it's your dumb firewall (and yes ZA is dumb in the sense I'm talking about) that does little more than check for the usage of a port, without actually scanning the contents of the packets to verify whether it's an e-mail being sent or something else.

As for your other problem, it means that your modem/router is most likely overloaded by the number of connections a P2P app requires. Reduce the number of connections in the options.

[winMX_67]

I set my maxhalfopen to 40 and what an improvement!!

[splintax]

also, i've encountered the zonealarm warning for utorrent wanting to send out emails. i clicked on No. no more such encounters after that.

not such a good idea, you basically just blocked one of the peers on the torrent like Firon mentioned, they were using a service port

[Eliksec]

OK I hear all of what you are saying and i thank you for all the comments here is some answers and questions back.

I understand what you think ZA is saying where it has not checked dont forget this has happened twice now is it coincedence that after a fresh install it happened exactly after that.

I dont have 2 AV tools running i have NOD on this pc and NAV on another i just use both to scan on each pc not on the same.

If i was not using Utorrent at all in any shape way or form and was just playing WOW for instance why would i get those DHCP messages etc listed in original post.

Like i have said it only bombs out my connection when playing online games not when downloading an Utorrent works fine it is just that this problem has happened straight after clicking the yes box

[splintax]

Weird that it would happen "straight after clicking the Yes box".

Basically what we are saying is the problem (and I have it with my router from time-to-time too) is that the number of connections you have open is overloading it and causing it to crash. However the DHCP errors you have here seem to be saying something also about DHCP lease times expiring?

I would suggest that you look through your router and check out the limit on DHCP lease time, just so we know.

[bleh]

I'm guessing that he blocked the ping command , which is something ISP's sometimes use to determine if a IP lease is to expire or not. (ie, they ping you, and if you don't respond, they reassign your ip to somebody else because they think you're offline)

It could also be your router aswell doing the "lease release jigg".

So, my advice is to reset your firewall rules, and read up on what ports to block and which to keep open. (so you don't go blocking the wrong ports again)

[Eliksec]

Thank you all again for your replies and advice what a great lot

I dont have a router i have just connection to internet via cable modem with 10 Mb connection would this change anything

[Firon]

Have you tried just uninstalling Zone Alarm to test? There's been cases of the firewall nuking people's internet connections before.