XP SP2 Doesnt Supports RAW Sockets - Page 2
Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 23

Thread: XP SP2 Doesnt Supports RAW Sockets

  1. #11
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Why not add the appropriate privileges? Shouldn't be that hard to implement. Just make it so only an admin is able to use raw sockets?

    The reason I never give MS a greenie is because of the way they "deal" with security. "We don't know how to fix it so we'll rip it all out.". Heck, if they started thinking like that Explorer would be the next thing that gets ripped out
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  2. #12
    Just make it so only an admin is able to use raw sockets?
    Because everyone runs windows in their Guest account :P

    The reason I never give MS a greenie is because of the way they "deal" with security. "We don't know how to fix it so we'll rip it all out.". Heck, if they started thinking like that Explorer would be the next thing that gets ripped out
    Wait, so MS doesn't have good security, people complain that windows isn't secure. MS attempts to secure things, people complain about how late they secure it. MS secures it and then people complain about how it was secured, even though it ended up being secure.

    What in the hell? Make up your minds, do you want security or not? Then let MS do security their way. Microsoft has to learn about the world of security through trial and error, just like Linux has to learn about desktop latency and usability through trial and error. But don't grind either one into the ground just because you don't agree with their learning process. Security is the final result, and the origonal complaint.

  3. #13
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Because everyone runs windows in their Guest account :P
    I do believe you mean administrators account.

    Learning process? They're not really learning as far as I can tell. If they really learned why fall for the same problems *nix has dealt with years ago?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #14
    Senior Member
    Join Date
    Jul 2002
    Posts
    106
    why fall for the same problems *nix has dealt with years ago?
    Do people conveniently ignore or choose to forget one fact...how much OLDER the *nix platform is compared to the Windows platform. Correct me if I'm wrong, but *nix has roughly 10 years on Windows. So, duh...of course they've figured some things out already, they had a decade to do so. Don't forget that even with being older, we are still finding problems to this day in *nix. Some of which have been there, some of which were created when new features were added, but they're there.

    Anyway, my .02 have now been deposited.
    just making some minor adjustments to your system....

  5. #15
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    Users cannot(normally) create raw sockets. What does happen is the admin installas winpcap or another 3rd party driver (which runs as a service) once its installed, users an access the service unless the admin changes it.

    http://grc.com/dos/sockettome2.htm


    -Maestr0
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  6. #16
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    yes, *nix had handle the problem years go. how?

    only PRIVILEDGED process can write raw packets.
    Try to to that on user mode on *nix.

    Yes of course. Why an user mode application needs a raw packet? why not use O.S. services?
    i cant see a reason to do that. Its same reason why user mode applications cant access any hardware resource. Its a SECURITY issue

    So MS made a mistake in the past (turn raw in user mode on) and not it turn off againt.

    Ok, if you install a library (that run in priviledged mode) and gain access to raw packets, its your choice. A regular user CANT install such program in Windows.

    "Oh, i was running as Admin and a trojan installed a libcap on My Windows. Windows security is a crap"

    Die slowly, man

    EDIT

    Its not a reply for your Post, Sirdice. You are correct at your post.

    /EDIT
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  7. #17
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    So what other apps besides Nmap does this break? Guess I should test Cain and Languard and see if they still work.

  8. #18
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Just a summary of some corrections:
    - Raw socket use is NOT restricted to any users in XP Home, which was the crux of Gibson's argument against its inclusion. XP Home lacks the business security models of Pro.
    - Every current MSDN document on developing with ICMP says the preferred method of accessing ICMP packets is via the raw sockets implementation.
    - Raw sockets are not new to Windows. Windows 2000 had them, and I believe Windows NT4 > SP3 had them. Arguments pertaining to the newness of the idea are moot.
    - *nix is used to refer to true genetic Unixes (HP-UX, Solaris, etc), BSDs (Also genetic unixes, without the unix name), and Linux. This represents multiple different code bases that have split or been independantly developed over quite a large timeframe. Please do not be this vague. Unix is far older than 10 years.
    - Raw sockets can be reimplemented at any time utilizing a third party library like WinPcap (which on XP Home can be run by anyone).
    - Perhaps the most dangerous functionality of raw sockets is source IP spoofing. This could have been fixed with egress filtering in XP's firewall. The approach is to rather destroy the mold for the tool makers than shore up the doors so they can't get out.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  9. #19
    I do believe you mean administrators account.
    No, I didn't. I meant guest account in a sarcastic sense.

    Learning process? They're not really learning as far as I can tell. If they really learned why fall for the same problems *nix has dealt with years ago?
    So you are telling me that even though thousands of generations of humans who have come before you in life made mistakes and learned from them, you won't ever ever ever make a single mistake they ever made? You will research the life of each and ever person to learn from their mistakes, so you won't -ever- have to repeat it?

    Please, when you do so let me know, otherwise you will still repeat the mistakes that people have made in the past, be it forgetting where you placed your keys or having a spelling typo.

    Something failing once != it will always fail

  10. #20
    Member
    Join Date
    Oct 2003
    Posts
    62
    [i] Originally posted
    - Perhaps the most dangerous functionality of raw sockets is source IP spoofing. This could have been fixed with egress filtering in XP's firewall. The approach is to rather destroy the mold for the tool makers than shore up the doors so they can't get out. [/B]
    Does this mean that he actually had a point to his raving?! I remember reading some years ago about wicked attacking his site. I know he used that, the attack, to hype the use of raw sockets that at the time were going to be used in XP. I cannot however, still get over the issue that i feel that he is somewhat of a doomsday prophet?! I do believe that in this time no real dDoS has been done using windows (especially Home version) with raw socket support, in fact if memory serves in NT there was a registry setting for swicthing on limited Raw Socket support....... Or at least exploited to the extent that he had hyped it.

    Did they not include it perhaps, because they are using the BSD IP Stack wholesale?! Perhaps someone more knowledgable, Like Pooh, will be able to help?! Raw sockets, perhaps for coders and the like would open up windows and make it more flexible so one could code applications with raw socket support built in?! I believe that once Winsock API became DCOM, they needed i believe to say that they also had they ability to do what some other OSes, Like Oracle could already do .......... If incorrect, please feel free to rectify this misnoma ......
    HO$H Pagamisa. Pro Amour Ludi....

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides