Win2K resetting connections. Is there a service pack?
Simo Sorce
simo.sorce at xsec.it
Fri Aug 2 01:51:02 GMT 2002
Seems the same logic tridge and abartlet found about authentication
against w2k.
Seems a childish way to avoid possible DoS or something like that.
If you have not finished authentication and the same client issues a
second request, w2k drops the connection.
And if I remember correctly, this happens at the TCP/IP stack level not
even at the NetBIOS one.
Simo.
On Thu, 2002-08-01 at 20:24, Christopher R. Hertel wrote:
> On Fri, Aug 02, 2002 at 04:49:55AM +0930, Richard Sharpe wrote:
> :
> > It's the NegProt. Once the first NegProt is issued on any open TCP
> > connection, all the others get RSTs if they have not got past that point.
> > It is bizarre. They come from another planet, I tell you.
>
> Odd. Are these all connections from the same client? If not, then it's
> definitely a bug. You'd have only one client able to connect at a time...
>
> If it only happens across multiple connections from the same client, then
> it makes a kind of twisted sense. Microsoft may assume (since, as I
> understand it, their software works this way) that there will be only one
> TCP connection per SMB client system. I think that the SMB session is
> handled within the OS on Windows boxes, so only one TCP connection is
> needed, and therefore only one NegProt will be sent.
>
> I'm already several guesses deep, but if the server gets a new NegProt
> from the same client, it may assume that the other connections are now
> bogus. W2K expects other Windows systems to be its clients, so it may
> also expect the clients to crash and be rebooted frequently. Given those
> assumptions, it makes sense that a new NegProt would be taken by the
> server as a signal that the client was rebooted and the other connections
> should be dropped.
>
> It's bogus, but it is the same kind of logic that is behind the VC=0
> reset.
>
> I wonder what would happen if you simply didn't send the NegProt or
> SessionSetup, and just started using a [V]UID from one of the other
> sessions... Ooohh. Ouch.
>
> Chris -)-----
>
> --
> Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
> jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
> ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
> OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
>
--
Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l.
via Durando 10 Ed. G - 20158 - Milano
tel. +39 02 2399 7130 - fax: +39 02 700 442 399
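
A way to check a packet trace for the reset pattern discussed in this thread, as an added example that is not part of the original messages or of Samba's code. The event tuple format, the function names and the sample addresses are assumptions constructed for illustration; only the SMB1 header layout and the NegProt command code 0x72 come from the protocol.

```python
from collections import defaultdict

SMB_COM_NEGOTIATE = 0x72  # SMB1 command code for NegProt

def frame(command):
    """Constructed minimal SMB1 message: NBT header + 32-byte SMB header + empty body."""
    smb = b"\xffSMB" + bytes([command]) + bytes(27) + b"\x00\x00\x00"
    return b"\x00" + len(smb).to_bytes(3, "big") + smb

def smb1_command(payload):
    """Return the SMB1 command byte of one NBT-framed message, or None."""
    if len(payload) < 9 or payload[0] != 0x00 or payload[4:8] != b"\xffSMB":
        return None
    return payload[8]

def find_negprot_resets(events):
    """events: (time, client_ip, client_port, kind, payload); kind is "c2s", "s2c"
    or "rst" (server RST). Returns RSTs on connections not yet past NegProt that
    arrive after another connection from the same client has sent a NegProt."""
    negotiated = set()               # (ip, port) that got a NegProt response
    negprot_sent = defaultdict(set)  # ip -> client ports that sent a NegProt
    hits = []
    for t, ip, port, kind, payload in sorted(events, key=lambda e: e[0]):
        if kind == "rst":
            if (ip, port) not in negotiated and negprot_sent[ip] - {port}:
                hits.append((t, ip, port))
        elif smb1_command(payload) == SMB_COM_NEGOTIATE:
            if kind == "c2s":
                negprot_sent[ip].add(port)
            else:
                negotiated.add((ip, port))
    return hits

# Constructed trace (documentation addresses, not captured traffic).
SAMPLE = [
    (0.10, "192.0.2.10", 1025, "c2s", frame(0x72)),  # first NegProt
    (0.11, "192.0.2.10", 1026, "rst", b""),          # idle sibling reset
    (0.12, "192.0.2.10", 1027, "rst", b""),          # second idle sibling reset
    (0.13, "192.0.2.10", 1025, "s2c", frame(0x72)),  # NegProt response
    (0.20, "192.0.2.20", 1030, "c2s", frame(0x72)),  # unrelated client
    (0.21, "192.0.2.20", 1030, "s2c", frame(0x72)),
    (5.00, "192.0.2.20", 1030, "rst", b""),          # ordinary later reset
]

if __name__ == "__main__":
    for hit in find_negprot_resets(SAMPLE):
        print("reset before NegProt completed:", hit)
```
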