Tweet
According to multiple unconfirmed reports, mainly on the nmap mailing list, Microsoft has allegedly decided to remove support for raw sockets from SP2. I'm a little bit wary to believe this outright, considering Microsoft bundles several tools which normally make use of raw sockets which continue to function without problems on SP2, such as ping and tracert. Anyone have a little more information on this?
-
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
[ redacted ] -
Originally posted by bascule
Do you think they did this to help with the onslaught of DDoS attacks? If so this could possibly be a good move, I mean there's always website based network tools, right...Right?When you draw first blood you can't stop this fight
For my own piece of mind - I'm going to
Tear your fucking eyes out
Rip your fucking flesh off
Beat you till you're just a fucking lifeless carcass
Fuck you and your progress
Watch me fucking regress
You were meant to take the fall - now you're nothing
Payback's a bitch motherfucker!
Slayer - Payback -
Is it for certain that ping and tracert are still using raw sockets? They both were updated with SP2 so perhaps there is an "override" API function like there is for the firewall.
Somewhere out there, Steve Gibson is frothing at the mouth going "I TOLD YOU SO!"We own everything so you don't have to!Comment
-
Yep... Only problem is, that's going to break a *lot* of software until it's rewritten to use the abstracted API. I suspect that a lot of what's being reported re: SP2 removing raw socket functionality is largely anecdotal - if it really did it to the degree that it's being made out to have happened, we'd be seeing a much larger volume of traffic complaining about it.Originally posted by gzzah
Having said that, I suspect that much of this centres around the new firewalling features. Having not installed SP2 myself yet (waiting for the dust to settle and bandwidth to be reasonable), my gut feeling is that misconfiguration of the firewall may be responsible for much of what's being seen.
And no doubt smearing his own faeces on the walls, too!Somewhere out there, Steve Gibson is frothing at the mouth going "I TOLD YOU SO!"Comment
-
Well, here's the definitive answer from Microsoft:
http://www.microsoft.com/technet/pro...on127121120120
Support for raw sockets is still there, they just limited what they can do.45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
[ redacted ]Comment
-
For more info read this http://www.microsoft.com/technet/pro...on127121120120 and this http://it.slashdot.org/comments.pl?s...49&cid=9951010
RedhookComment
-
Thanks for reminding me why I don't read slashdot anymore.
What a bunch of whiney bitches.We own everything so you don't have to!Comment
-
No Raw Sockets Breaks Nmap
Perfect example of breakage...
http://seclists.org/lists/nmap-hacke...-Sep/0002.htmlComment
-
Windows Sockets as opposed to berkeley sockets(raw sockets) still allow you to do all the TCP injection you want al beit a severe PITA.
I think they are counting on security through obscurity because know one really knows the Win API well anymore with all the API abstractions that have been layered on.
Im not even so sure that MS programmers understand it considering only about 40% of it is actually documented.
S1ax0rComment
Comment