According to multiple unconfirmed reports, mainly on the nmap mailing list, Microsoft has allegedly decided to remove support for raw sockets from SP2. I'm a little bit wary to believe this outright, considering Microsoft bundles several tools which normally make use of raw sockets which continue to function without problems on SP2, such as ping and tracert. Anyone have a little more information on this?
No raw sockets on XP SP2?
-
Originally posted by bascule
According to multiple unconfirmed reports, mainly on the nmap mailing list, Microsoft has allegedly decided to remove support for raw sockets from SP2. I'm a little bit wary to believe this outright, considering Microsoft bundles several tools which normally make use of raw sockets which continue to function without problems on SP2, such as ping and tracert. Anyone have a little more information on this?
Do you think they did this to help with the onslaught of DDoS attacks? If so this could possibly be a good move, I mean there's always website based network tools, right...Right?
-
Is it for certain that ping and tracert are still using raw sockets? They both were updated with SP2 so perhaps there is an "override" API function like there is for the firewall.
Somewhere out there, Steve Gibson is frothing at the mouth going "I TOLD YOU SO!"
-
Originally posted by gzzah
Is it for certain that ping and tracert are still using raw sockets? They both were updated with SP2 so perhaps there is an "override" API function like there is for the firewall.
Having said that, I suspect that much of this centres around the new firewalling features. Having not installed SP2 myself yet (waiting for the dust to settle and bandwidth to be reasonable), my gut feeling is that misconfiguration of the firewall may be responsible for much of what's being seen.
Somewhere out there, Steve Gibson is frothing at the mouth going "I TOLD YOU SO!"
-
Well, here's the definitive answer from Microsoft:
http://www.microsoft.com/technet/pro...on127121120120
Support for raw sockets is still there, they just limited what they can do.
-
For more info read this http://www.microsoft.com/technet/pro...on127121120120 and this http://it.slashdot.org/comments.pl?s...49&cid=9951010
Redhook
-
No Raw Sockets Breaks Nmap
Perfect example of breakage...
http://seclists.org/lists/nmap-hacke...-Sep/0002.html
-
Windows Sockets, as opposed to Berkeley sockets (raw sockets), still allow you to do all the TCP injection you want, albeit a severe PITA.
I think they are counting on security through obscurity because no one really knows the Win API well anymore with all the API abstractions that have been layered on.
I'm not even so sure that MS programmers understand it considering only about 40% of it is actually documented.
S1ax0r