Raw Sockets in Windows XP SP2

Sean

Can anyone confirm if the SOCK_RAW api is still available in Windows XP
SP2 RC1 or RC2? I have been using a port scanner that relies on the
SOCK_RAW interface and it seems to no longer function. Any information on
this would help.

Sean
 
Keith

Sean said:
Can anyone confirm if the SOCK_RAW api is still available in Windows XP
SP2 RC1 or RC2? I have been using a port scanner that relies on the
SOCK_RAW interface and it seems to no longer function. Any information on
this would help.

Sean

sounds like good news to me
 
Steven M. Gibson

[for the unabridged version, see Keith's post above]
sounds like good news to me

Indeed Keith. :)

Sean ...

Microsoft is removing the ability to generate TCP traffic through
the raw socket interface. This is *exactly* what I made such a
stink about the summer before XP was released, begging them never
to put it in there in the first place.

But the "Blaster" (MS Blast) worm used XP's raw sockets to launch
a serious attack against Microsoft, and a great many others have
been seriously hurt by this. So SP2 will be neutering this
facility from XP. You'll still be able to download the free
and excellent WinPcap library to return raw packet generation
capability to selective Windows machines where needed ...
which is a perfectly reasonable compromise.
 
Steve Gibson

[for the unabridged version, see Sean's post above]
Can anyone confirm if the SOCK_RAW api is still available in
Windows XP SP2 RC1 or RC2? I have been using a port scanner
that relies on the SOCK_RAW interface and it seems to no
longer function. Any information on this would help.

Right. Microsoft's David Powell posted a reply in the private SP2
Networking newsgroup earlier today explaining that Microsoft had
surveyed applications that were using Raw Sockets under XP and
determined that they were causing much more trouble (being used
for malicious purposes) than for good. So SP2 removes XP's
ability to generate raw TCP packets.
 
Craig Humphrey

Hmmm.. funny, since most PortScanning tools use SOCK_RAW, one of which is
even recommended by Microsoft:
http://www.microsoft.com/serviceproviders/security/tools.asp (See last
item)
And last I heard, a PortScanning tool isn't malicious, it's the user that
wields it that is malicious (just like in American gun law...)

Oh well, I know the writer of Nmap is looking for a solution and no doubt
the virus/worm writers will find one quickly...
After all, Win95 doesn't have SOCK_RAW and you can do most things on that.
And of course in MS's finest tradition, plugging one "hole" will no doubt
reveal others....
http://www.crn.com/sections/breakingnews/breakingnews.jhtml?articleId=23905071

Just my 2c rant.

Later'ish
Craig



Steve Gibson said:
[for the unabridged version, see Sean's post above]
Can anyone confirm if the SOCK_RAW api is still available in
Windows XP SP2 RC1 or RC2? I have been using a port scanner
that relies on the SOCK_RAW interface and it seems to no
longer function. Any information on this would help.

Right. Microsoft's David Powell posted a reply in the private SP2
Networking newsgroup earlier today explaining that Microsoft had
surveyed applications that were using Raw Sockets under XP and
determined that they were causing much more trouble (being used
for malicious purposes) than for good. So SP2 removes XP's
ability to generate raw TCP packets.
 
