Nmap Development mailing list archives

Re: raw-sockets and Win-XP SP2

From: "Leigh" <hst () iprimus com au>
Date: Fri, 25 Jun 2004 19:18:49 +1000

It is confirmed. Message reply taken from Windows XP SP2 Beta listserv, andsince when is Nmap an "attack tool"??. I know Nmap (and any other decentcomms utility) can probably be put to illegitimate use if the user is thatway inclined. I think they have their wires crossed a little bit. The biggerthreat (as I see it) is from internet worms, spyware, weak password (.SAMfile bruting) and the rest.

So how about the no raw sockets command line option in Nmap? might give thata try.


Leigh
hst () iprimus com au

---------------------------------------------
Leigh,

Half-right. We have removed support for TCP sends over RAW sockets in SP2.We surveyed applications and found the only apps using this on XP were

people writing attack tools.

Regards,

-David
----------------------------------------------

"Leigh" <hst () iprimus com au> wrote in message
news:Og1iPjhWEHA.232 () CPMSFTNGSA04 privatenews microsoft com...

I have heard a "rumour" :) that there are plans to remove raw sockets
(and/or support for packet.dll) in the final release of SP2? is this
correct?

Leigh
hst () iprimus com au

----- Original Message -----From: "Gisle Vanem" <giva () bgnett no>

To: "Nmap-dev" <nmap-dev () insecure org>
Sent: Friday, June 25, 2004 2:47 AM
Subject: raw-sockets and Win-XP SP2

I've heard strong rumours that the upcoming Win-XP SP2 will disable
the use of SOCK_RAW sockets for any user (admin included). This
will certainly hurt the use of nmap on Win-XP unless we go with
libnet for all platforms.

Steve Gibson (of www.grc.com) has been talking about the danger
of raw-sockets for years; "... have ANY practical need for raw
sockets" [*] he claims. Yeah right. Seems MS is now listening to
him. Yet for years they have deprecated the use of the ICMP API for
ping-like programs. And advised us to use SOCK_RAW instead. Back
to using icmp.dll again I guess.

I for one will not install the service-pack unless there's a loop-hole
to enable SOCK_RAW again. Anyone with additional info on this?

[*] http://www.grc.com/dos/sockettome.htm

--gv



---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List archive: http://seclists.org




---------------------------------------------------------------------

For help using this (nmap-dev) mailing list, send a blank email tonmap-dev-help () insecure org . List archive: http://seclists.org

Current thread:

raw-sockets and Win-XP SP2 Gisle Vanem (Jun 24)
- Re: raw-sockets and Win-XP SP2 Leigh (Jun 24)
- Re: raw-sockets and Win-XP SP2 Leigh (Jun 25)
  - Re: raw-sockets and Win-XP SP2 Gisle Vanem (Jun 25)
- <Possible follow-ups>
- raw-sockets and Win-XP SP2 Sean Warnock (Jun 24)
  - Re: raw-sockets and Win-XP SP2 Leigh (Jun 24)