No raw sockets on XP SP2?

  • No raw sockets on XP SP2?

    According to multiple unconfirmed reports, mainly on the nmap mailing list, Microsoft has allegedly decided to remove support for raw sockets from SP2. I'm a little bit wary to believe this outright, considering Microsoft bundles several tools which normally make use of raw sockets which continue to function without problems on SP2, such as ping and tracert. Anyone have a little more information on this?
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
    [ redacted ]

  • #2
    Originally posted by bascule
    According to multiple unconfirmed reports, mainly on the nmap mailing list, Microsoft has allegedly decided to remove support for raw sockets from SP2. I'm a little bit wary to believe this outright, considering Microsoft bundles several tools which normally make use of raw sockets which continue to function without problems on SP2, such as ping and tracert. Anyone have a little more information on this?

    Do you think they did this to help with the onslaught of DDoS attacks? If so this could possibly be a good move, I mean there's always website based network tools, right...Right?
    When you draw first blood you can't stop this fight
    For my own piece of mind - I'm going to
    Tear your fucking eyes out
    Rip your fucking flesh off
    Beat you till you're just a fucking lifeless carcass
    Fuck you and your progress
    Watch me fucking regress
    You were meant to take the fall - now you're nothing
    Payback's a bitch motherfucker!

    Slayer - Payback

    • #3
      Is it for certain that ping and tracert are still using raw sockets? They both were updated with SP2 so perhaps there is an "override" API function like there is for the firewall.

      Somewhere out there, Steve Gibson is frothing at the mouth going "I TOLD YOU SO!"
      We own everything so you don't have to!

      • #4
        Originally posted by gzzah
        Is it for certain that ping and tracert are still using raw sockets? They both were updated with SP2 so perhaps there is an "override" API function like there is for the firewall.
        Yep... Only problem is, that's going to break a *lot* of software until it's rewritten to use the abstracted API. I suspect that a lot of what's being reported re: SP2 removing raw socket functionality is largely anecdotal - if it really did it to the degree that it's being made out to have happened, we'd be seeing a much larger volume of traffic complaining about it.

        Having said that, I suspect that much of this centres around the new firewalling features. Having not installed SP2 myself yet (waiting for the dust to settle and bandwidth to be reasonable), my gut feeling is that misconfiguration of the firewall may be responsible for much of what's being seen.

        Somewhere out there, Steve Gibson is frothing at the mouth going "I TOLD YOU SO!"
        And no doubt smearing his own faeces on the walls, too!

        • #5
          Well, here's the definitive answer from Microsoft:

          http://www.microsoft.com/technet/pro...on127121120120

          Support for raw sockets is still there, they just limited what they can do.
          45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
          45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
          [ redacted ]

          • #6
            For more info read this http://www.microsoft.com/technet/pro...on127121120120 and this http://it.slashdot.org/comments.pl?s...49&cid=9951010

            Redhook

            • #7
              Thanks for reminding me why I don't read slashdot anymore.

              What a bunch of whiney bitches.
              We own everything so you don't have to!

              • #8
                No Raw Sockets Breaks Nmap

                Perfect example of breakage...

                http://seclists.org/lists/nmap-hacke...-Sep/0002.html

                • #9
                  Windows Sockets, as opposed to Berkeley sockets (raw sockets), still allow you to do all the TCP injection you want, albeit a severe PITA.

                  I think they are counting on security through obscurity because no one really knows the Win API well anymore with all the API abstractions that have been layered on.

                  I'm not even so sure that MS programmers understand it considering only about 40% of it is actually documented.

                  S1ax0r
