some packets that go over netbios-ns that announce the workgroup don't actually have the netbios name in the dataload, so they fail at the strcasecmp() function which is used for protection against spoofed packets
my idea to counter this was to decode the workgroup that is broadcasted in packets that go over netbios-dgm and add another check strcasecmp() check so those packets are picked up. this presents a problem, however, that if the workgroup netbios-ns packets arrive before any netbios-dgm have been decoded the netbios-ns packet will be dropped.
any ideas how we could ensure 100% packet return while still handling spoofed packets appropriately?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
some packets that go over netbios-ns that announce the workgroup don't actually have the netbios name in the dataload, so they fail at the strcasecmp() function which is used for protection against spoofed packets
my idea to counter this was to decode the workgroup that is broadcasted in packets that go over netbios-dgm and add another check strcasecmp() check so those packets are picked up. this presents a problem, however, that if the workgroup netbios-ns packets arrive before any netbios-dgm have been decoded the netbios-ns packet will be dropped.
any ideas how we could ensure 100% packet return while still handling spoofed packets appropriately?
forgot to tell you I was talking about netbios.c, if you didn't pick it up ;p