Win2K resetting connections. Is there a service pack?
Richard Sharpe
rsharpe at ns.aus.com
Fri Aug 2 06:53:02 GMT 2002
On Fri, 2 Aug 2002, Simo Sorce wrote:
> Seem the same logic tridge and abartlet found about authentication
> against w2k.
> Seem a childish way to avoid possible DoS oir something like that.
> If you have not finished authentication and the same client issue a
> second request, w2k drops the connection.
> And if I remember correctly, this happens at the TCP/IP stack level not
> even at the NetBIOS one.
Well, in this case it is limited to port 445 ...
> Simo.
>
> On Thu, 2002-08-01 at 20:24, Christopher R. Hertel wrote:
> > On Fri, Aug 02, 2002 at 04:49:55AM +0930, Richard Sharpe wrote:
> > :
> > > It's the NegProt. Once the first NegProt is issued on any open TCP
> > > connection, all the others get RSTs if they have not got past that point.
> > > It is bizare. They come from another planet, I tell you.
> >
> > Odd. Are these all connections from the same client? If not, then it's
> > definitely a bug. You'd have only one client able to connect at a time...
> >
> > If it only happens across multiple connections from the same client, then
> > it makes a kind of twisted sense. Microsoft may assume (since, as I
> > understand it, their software works this way) that there will be only one
> > TCP connection per SMB client system. I think that the SMB session is
> > handled within the OS on Windows boxes, so only one TCP connection is
> > needed, and therefore only one NegProt will be sent.
> >
> > I'm already several guesses deep, but if the server gets a new NegProt
> > from the same client, it may assume that the other connections are now
> > bogus. W2K expects other Windows systems to be its clients, so it may
> > also expect the clients to crash and be rebooted frequently. Given those
> > assumptions, it makes sense that a new NegProt would be taken by the
> > server as a signal that the client was rebooted and the other connections
> > should be dropped.
> >
> > It's bogus, but it is the same kind of logic that is behind the VC=0
> > reset.
> >
> > I wonder what would happen if you simply didn't send the NegProt or
> > SessionSetup, and just started using a [V]UID from one of the other
> > sessions... Ooohh. Ouch.
> >
> > Chris -)-----
> >
> > --
> > Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
> > jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
> > ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
> > OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
> >
>
--
Regards
-----
Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org,
sharpe at ethereal.com
More information about the samba-technical
mailing list