On Fri, 2 Aug 2002, Simo Sorce wrote: > Seem the same logic tridge and abartlet found about authentication > against w2k. > Seem a childish way to avoid possible DoS oir something like that. > If you have not finished authentication and the same client issue a > second request, w2k drops the connection. > And if I remember correctly, this happens at the TCP/IP stack level not > even at the NetBIOS one.
Well, in this case it is limited to port 445 ... > Simo. > > On Thu, 2002-08-01 at 20:24, Christopher R. Hertel wrote: > > On Fri, Aug 02, 2002 at 04:49:55AM +0930, Richard Sharpe wrote: > > : > > > It's the NegProt. Once the first NegProt is issued on any open TCP > > > connection, all the others get RSTs if they have not got past that point. > > > It is bizare. They come from another planet, I tell you. > > > > Odd. Are these all connections from the same client? If not, then it's > > definitely a bug. You'd have only one client able to connect at a time... > > > > If it only happens across multiple connections from the same client, then > > it makes a kind of twisted sense. Microsoft may assume (since, as I > > understand it, their software works this way) that there will be only one > > TCP connection per SMB client system. I think that the SMB session is > > handled within the OS on Windows boxes, so only one TCP connection is > > needed, and therefore only one NegProt will be sent. > > > > I'm already several guesses deep, but if the server gets a new NegProt > > from the same client, it may assume that the other connections are now > > bogus. W2K expects other Windows systems to be its clients, so it may > > also expect the clients to crash and be rebooted frequently. Given those > > assumptions, it makes sense that a new NegProt would be taken by the > > server as a signal that the client was rebooted and the other connections > > should be dropped. > > > > It's bogus, but it is the same kind of logic that is behind the VC=0 > > reset. > > > > I wonder what would happen if you simply didn't send the NegProt or > > SessionSetup, and just started using a [V]UID from one of the other > > sessions... Ooohh. Ouch. > > > > Chris -)----- > > > > -- > > Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel > > jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq. > > ubiqx Team -- http://www.ubiqx.org/ -)----- [EMAIL PROTECTED] > > OnLineBook -- http://ubiqx.org/cifs/ -)----- [EMAIL PROTECTED] > > > -- Regards ----- Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
