set correctly.
1. Shift the low-order bits of fc by 20 bits, not 28, because fl is a
20-bit field.
2. Use a mask in host byte order to mask fl, which is also provided in
host byte order.
3. Swap | and & in combining fc and fl.
1) Set the 'vc' ('virtual circuit') id to a non-zero value (if it's 0, the SMB server will disconnect all hosts who are already connected).
2) Handle the authentication error NT_STATUS_REQUEST_NOT_ACCEPTED, which indicates that there are too many connected hosts (11 is the default on most versions of Windows, or 10 for the anonymous account). If we see the error, we wait and try again.
3) Handle the file creation error, NT_STATUS_PIPE_NOT_AVAILABLE, which appears to be caused by a race condition of some sort. It happens when a large number of connections are attempted simultaneously, and is fixed by a short backoff (50ms worked fine, but I'm using 100ms).
The end result is a significant speedup in our SMB checks without losing data.
number to guarantee it's nonzero (which some target hosts require) rather
than looping for new random numbers.
* ICMP ID values are unimportant, as long as they are nonzero
* The original code to get random numbers was exactly duplicated (new variable,
comment, loop, even whitespace) in the same function, so using a single
variable set initially (albeit differently) simplifies duplication
shouldn't. Also, because of the use of ([...]*), captures can be too
long to fill into the template. This change forces hostname and
domain name to be non-empty. This match should be made more specific
but without example content any changes would involve guessing.
few mystery variations in bytes that don't match up with the
descriptions in the submissions or what users have told me they are
running. I've done my best to get the OS X versions correct.
Corrections may be required to loosen the strict versioning in this
commit.
o Create the mutex in the RpcInfo() function before the connect call, to prevent some rare race conditions that can cause one of the running RPC and NFS scripts to fail. This mutex is used to cache the portmapper program list in the registry, to reduce the number of connections and RPC DUMP procedure calls.
o Whitespace formatting.
Rapidsite/Apa (customized Apache http)
IBM HTTP Server using mod_jk
RG4000 Access Control Gateway (limited info)
The first two had existing fingerprints that
were similar but that matched version information
that was not always present or had different
modules (PHP vs mod_jk). - Tom