Slow, Incomplete or No Access to Some Secure Online Banking Web Sites

Applies to:


Known to affect Windows 2000 and Windows XP with Internet Explorer Versions 5.5 SP2, 6.0 and 6.0 SP1. (Possibly others)


Symptoms:


Used to be able to access and use secured websites. These may include On-Line Banking sites or shipping sites like Fedex.com for account management. Suddenly, the site loads very slow, not at all, or when you log in, it sticks waiting to login.


Issue:


Information to, from and across the Internet are sent in what are called packets, or envelopes. These come in various sizes depending on the nature of the request and amount of information. For example, a ping is a very small packet size while a web page with lots of graphics and material will use many (possible hundreds) of large packets to transport all the information to you. Think of it as a difference between a post card and an envelope that contains your tax returns.


Sometimes, the packet size is restricted by either a firewall, a router on the Internet, or by one of the computers. Generally, the packet (MTU) size is negotiated between the two computers involved and generally less than 1500. If the MTU size is not negotiated properly, routers and firewalls have the ability to fragment the packets into smaller sizes that can then pass correctly.


However, in the case of some secure websites, the security software installed sees that the packets have been fragmented or otherwise altered, and take that as an indication that the information in the packet is possibly malicious, and silently drops it. In the mean time, the requesting computer is sitting there waiting and waiting, until it finally times itself out.


This can also be caused be either a router, firewall or computer in the path which is blocking ICMP Code3 Type 4 packets, which blocks the sending computer or firewall from discovering the MTU path and/or size available.


Resolution:


Important: The resolution involves modifying the registry. Only do this if you are absolutely sure of what you are doing. Making a mistake while modifying the registry could render your computer useless, and require a reinstallation of the operating system.



  • Always keep your computer up to date by applying the latest patches from Microsoft. This can be done by going to http://windowsupdate.microsoft.com and scanning your computer for updates.
  • Apply MS patch 810847. This is available at http://www.microsoft.com/windows/ie/downloads/critical/810847/default.asp. More information can be found at http://support.microsoft.com/default.aspx?scid=kb;[LN];810847.
  • Apply MS patch 813951. This is available at http://www.microsoft.com/windows/ie/downloads/critical/813951/default.asp. More information can be found at http://support.microsoft.com/default.aspx?scid=kb;[LN];813951.
  • Make sure you have a backup of your system files. Open a registry editor (Start, Run, Regedit, Enter) and go to HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Tcpip\Parameters\Interfaces. There will likely by more than one interface listed under Interfaces. One will have 25 lines or more, and the others should only have about 10 lines. The Interface folders will have a name something like {86A259C7-D589-EA91-539AB53A368C}. When you find the appropriate Interface, click on it to highlight it, and then see if there is a line under Name that says MTU. There probably is not, you will have to add it. Go to Edit, New, Dword. The name is MTU. Right click on it and chose Modify. Make sure Decimal is selected in the Base box and type in a value of 1400, and then click on OK. You can now close Regedit. You will have to restart your computer for this to take effect.

  • Leave a Comment

    Your email address will not be published.

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

    Scroll to Top