Win2K resetting connections. Is there a service pack?

Simo Sorce simo.sorce at
Fri Aug 2 01:51:02 GMT 2002

Seem the same logic tridge and abartlet found about authentication
against w2k.
Seem a childish way to avoid possible DoS oir something like that.
If you have not finished authentication and the same client issue a
second request, w2k drops the connection.
And if I remember correctly, this happens at the TCP/IP stack level not
even at the NetBIOS one.


On Thu, 2002-08-01 at 20:24, Christopher R. Hertel wrote:
> On Fri, Aug 02, 2002 at 04:49:55AM +0930, Richard Sharpe wrote:
> :
> > It's the NegProt. Once the first NegProt is issued on any open TCP
> > connection, all the others get RSTs if they have not got past that point. 
> > It is bizare. They come from another planet, I tell you.
> Odd.  Are these all connections from the same client?  If not, then it's 
> definitely a bug.  You'd have only one client able to connect at a time...
> If it only happens across multiple connections from the same client, then
> it makes a kind of twisted sense.  Microsoft may assume (since, as I
> understand it, their software works this way) that there will be only one
> TCP connection per SMB client system.  I think that the SMB session is 
> handled within the OS on Windows boxes, so only one TCP connection is 
> needed, and therefore only one NegProt will be sent.
> I'm already several guesses deep, but if the server gets a new NegProt
> from the same client, it may assume that the other connections are now
> bogus.  W2K expects other Windows systems to be its clients, so it may
> also expect the clients to crash and be rebooted frequently.  Given those
> assumptions, it makes sense that a new NegProt would be taken by the
> server as a signal that the client was rebooted and the other connections
> should be dropped.
> It's bogus, but it is the same kind of logic that is behind the VC=0
> reset.
> I wonder what would happen if you simply didn't send the NegProt or 
> SessionSetup, and just started using a [V]UID from one of the other 
> sessions...  Ooohh.  Ouch.
> Chris -)-----
> -- 
> Samba Team --     -)-----   Christopher R. Hertel
> jCIFS Team --   -)-----   ubiqx development, uninq.
> ubiqx Team --     -)-----   crh at
> OnLineBook --    -)-----   crh at
Simo Sorce - simo.sorce at
Xsec s.r.l.
via Durando 10 Ed. G - 20158 - Milano
tel. +39 02 2399 7130 - fax: +39 02 700 442 399
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list