Win2K resetting connections. Is there a service pack?

Richard Sharpe rsharpe at ns.aus.com
Fri Aug 2 06:53:02 GMT 2002


On Fri, 2 Aug 2002, Simo Sorce wrote:

> Seems the same logic tridge and abartlet found about authentication
> against w2k.
> Seems a childish way to avoid possible DoS or something like that.
> If you have not finished authentication and the same client issues a
> second request, w2k drops the connection.
> And if I remember correctly, this happens at the TCP/IP stack level not
> even at the NetBIOS one.

Well, in this case it is limited to port 445 ...
 
> Simo.
> 
> On Thu, 2002-08-01 at 20:24, Christopher R. Hertel wrote:
> > On Fri, Aug 02, 2002 at 04:49:55AM +0930, Richard Sharpe wrote:
> > :
> > > It's the NegProt. Once the first NegProt is issued on any open TCP
> > > connection, all the others get RSTs if they have not got past that point. 
> > > It is bizarre. They come from another planet, I tell you.
> > 
> > Odd.  Are these all connections from the same client?  If not, then it's 
> > definitely a bug.  You'd have only one client able to connect at a time...
> > 
> > If it only happens across multiple connections from the same client, then
> > it makes a kind of twisted sense.  Microsoft may assume (since, as I
> > understand it, their software works this way) that there will be only one
> > TCP connection per SMB client system.  I think that the SMB session is 
> > handled within the OS on Windows boxes, so only one TCP connection is 
> > needed, and therefore only one NegProt will be sent.
> > 
> > I'm already several guesses deep, but if the server gets a new NegProt
> > from the same client, it may assume that the other connections are now
> > bogus.  W2K expects other Windows systems to be its clients, so it may
> > also expect the clients to crash and be rebooted frequently.  Given those
> > assumptions, it makes sense that a new NegProt would be taken by the
> > server as a signal that the client was rebooted and the other connections
> > should be dropped.
> > 
> > It's bogus, but it is the same kind of logic that is behind the VC=0
> > reset.
> > 
> > I wonder what would happen if you simply didn't send the NegProt or 
> > SessionSetup, and just started using a [V]UID from one of the other 
> > sessions...  Ooohh.  Ouch.
> > 
> > Chris -)-----
> > 
> > -- 
> > Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
> > jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
> > ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
> > OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org
> > 
> 

-- 
Regards
-----
Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org, 
sharpe at ethereal.com




