
Thread: XP SP2 Doesn't Support RAW Sockets

  1. #11
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Why not add the appropriate privileges? Shouldn't be that hard to implement. Just make it so only an admin is able to use raw sockets?

    The reason I never give MS a greenie is because of the way they "deal" with security. "We don't know how to fix it so we'll rip it all out." Heck, if they started thinking like that, Explorer would be the next thing that gets ripped out.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  2. #12
    Just make it so only an admin is able to use raw sockets?
    Because everyone runs Windows in their Guest account :P

    The reason I never give MS a greenie is because of the way they "deal" with security. "We don't know how to fix it so we'll rip it all out." Heck, if they started thinking like that, Explorer would be the next thing that gets ripped out.
    Wait, so MS doesn't have good security, people complain that Windows isn't secure. MS attempts to secure things, people complain about how late they secure it. MS secures it and then people complain about how it was secured, even though it ended up being secure.

    What in the hell? Make up your minds, do you want security or not? Then let MS do security their way. Microsoft has to learn about the world of security through trial and error, just like Linux has to learn about desktop latency and usability through trial and error. But don't grind either one into the ground just because you don't agree with their learning process. Security is the final result, and the original complaint.

  3. #13
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Because everyone runs Windows in their Guest account :P
    I do believe you mean administrators account.

    Learning process? They're not really learning as far as I can tell. If they really learned why fall for the same problems *nix has dealt with years ago?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #14
    Senior Member
    Join Date
    Jul 2002
    Posts
    106
    why fall for the same problems *nix has dealt with years ago?
    Do people conveniently ignore or choose to forget one fact...how much OLDER the *nix platform is compared to the Windows platform. Correct me if I'm wrong, but *nix has roughly 10 years on Windows. So, duh...of course they've figured some things out already, they had a decade to do so. Don't forget that even with being older, we are still finding problems to this day in *nix. Some of which have been there, some of which were created when new features were added, but they're there.

    Anyway, my .02 have now been deposited.
    just making some minor adjustments to your system....

  5. #15
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    Users cannot (normally) create raw sockets. What does happen is the admin installs WinPcap or another 3rd-party driver (which runs as a service); once it's installed, users can access the service unless the admin changes it.

    http://grc.com/dos/sockettome2.htm


    -Maestr0
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier

  6. #16
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    Yes, *nix had handled the problem years ago. How?

    Only PRIVILEGED processes can write raw packets.
    Try to do that in user mode on *nix.

    Yes, of course. Why does a user-mode application need a raw packet? Why not use O.S. services?
    I can't see a reason to do that. It's the same reason why user-mode applications can't access any hardware resource. It's a SECURITY issue.

    So MS made a mistake in the past (turning raw on in user mode) and now it turns it off again.

    OK, if you install a library (that runs in privileged mode) and gain access to raw packets, it's your choice. A regular user CAN'T install such a program in Windows.

    "Oh, I was running as Admin and a trojan installed a libcap on my Windows. Windows security is crap"

    Die slowly, man

    EDIT

    It's not a reply to your post, Sirdice. You are correct in your post.

    /EDIT
    My site

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  7. #17
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    So what other apps besides Nmap does this break? Guess I should test Cain and Languard and see if they still work.

  8. #18
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Just a summary of some corrections:
    - Raw socket use is NOT restricted to any users in XP Home, which was the crux of Gibson's argument against its inclusion. XP Home lacks the business security models of Pro.
    - Every current MSDN document on developing with ICMP says the preferred method of accessing ICMP packets is via the raw sockets implementation.
    - Raw sockets are not new to Windows. Windows 2000 had them, and I believe Windows NT4 > SP3 had them. Arguments pertaining to the newness of the idea are moot.
    - *nix is used to refer to true genetic Unixes (HP-UX, Solaris, etc), BSDs (Also genetic unixes, without the unix name), and Linux. This represents multiple different code bases that have split or been independently developed over quite a large timeframe. Please do not be this vague. Unix is far older than 10 years.
    - Raw sockets can be reimplemented at any time utilizing a third party library like WinPcap (which on XP Home can be run by anyone).
    - Perhaps the most dangerous functionality of raw sockets is source IP spoofing. This could have been fixed with egress filtering in XP's firewall. The approach is to rather destroy the mold for the tool makers than shore up the doors so they can't get out.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?
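
Added example, not part of any post in this thread: a minimal sketch of the egress check that post #18 says XP's firewall could have applied against source IP spoofing, dropping any outbound IPv4 packet whose source is not an address assigned to the host. `LOCAL_ADDRS`, the function names and all addresses are constructed for illustration.

```python
import ipaddress
import struct

# Addresses assigned to this host's interfaces (constructed sample value).
LOCAL_ADDRS = {ipaddress.IPv4Address("192.0.2.10")}


def ipv4_source(packet: bytes) -> ipaddress.IPv4Address:
    """Return the source address of a raw IPv4 packet after basic header checks."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    if packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4  # IHL is counted in 32-bit words
    if header_len < 20 or len(packet) < header_len:
        raise ValueError("invalid header length")
    return ipaddress.IPv4Address(packet[12:16])  # source field: bytes 12..15


def egress_allowed(packet: bytes, local_addrs=LOCAL_ADDRS) -> bool:
    """Egress rule: pass only packets sourced from one of the host's own addresses.

    Malformed packets fail closed (dropped) instead of being passed unchecked.
    """
    try:
        return ipv4_source(packet) in local_addrs
    except ValueError:
        return False


def sample_header(src: str, dst: str, proto: int = 1) -> bytes:
    """Constructed 20-byte IPv4 header used as test input (checksum left at 0)."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20, 0, 0, 64, proto, 0,
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )


if __name__ == "__main__":
    for src in ("192.0.2.10", "203.0.113.99"):
        pkt = sample_header(src, "198.51.100.7")
        verdict = "pass" if egress_allowed(pkt) else "drop"
        print(f"source {src}: {verdict}")
```

A filter like this sits below the socket API, so it applies equally to packets built through raw sockets and through a third-party capture driver.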

  9. #19
    I do believe you mean administrators account.
    No, I didn't. I meant guest account in a sarcastic sense.

    Learning process? They're not really learning as far as I can tell. If they really learned why fall for the same problems *nix has dealt with years ago?
    So you are telling me that even though thousands of generations of humans who have come before you in life made mistakes and learned from them, you won't ever ever ever make a single mistake they ever made? You will research the life of each and every person to learn from their mistakes, so you won't -ever- have to repeat it?

    Please, when you do so let me know, otherwise you will still repeat the mistakes that people have made in the past, be it forgetting where you placed your keys or having a spelling typo.

    Something failing once != it will always fail

  10. #20
    Originally posted
    - Perhaps the most dangerous functionality of raw sockets is source IP spoofing. This could have been fixed with egress filtering in XP's firewall. The approach is to rather destroy the mold for the tool makers than shore up the doors so they can't get out.
    Does this mean that he actually had a point to his raving?! I remember reading some years ago about wicked attacking his site. I know he used that, the attack, to hype the use of raw sockets that at the time were going to be used in XP. I cannot, however, still get over the issue that I feel that he is somewhat of a doomsday prophet?! I do believe that in this time no real DDoS has been done using Windows (especially Home version) with raw socket support; in fact, if memory serves, in NT there was a registry setting for switching on limited raw socket support....... Or at least exploited to the extent that he had hyped it.

    Did they not include it perhaps, because they are using the BSD IP Stack wholesale?! Perhaps someone more knowledgeable, like Pooh, will be able to help?! Raw sockets, perhaps for coders and the like, would open up Windows and make it more flexible so one could code applications with raw socket support built in?! I believe that once Winsock API became DCOM, they needed, I believe, to say that they also had the ability to do what some other OSes, like Oracle, could already do .......... If incorrect, please feel free to rectify this misnomer ......
    HO$H Pagamisa. Pro Amour Ludi....
