Nmap Development mailing list archives
Re: raw-sockets and Win-XP SP2
From: "Leigh" <hst () iprimus com au>
Date: Fri, 25 Jun 2004 19:18:49 +1000
It is confirmed. Message reply taken from Windows XP SP2 Beta listserv, and since when is Nmap an "attack tool"??. I know Nmap (and any other decent comms utility) can probably be put to illegitimate use if the user is that way inclined. I think they have their wires crossed a little bit. The bigger threat (as I see it) is from internet worms, spyware, weak password (.SAM file bruting) and the rest.
So how about the no raw sockets command line option in Nmap? might give that a try.
Leigh hst () iprimus com au --------------------------------------------- Leigh,Half-right. We have removed support for TCP sends over RAW sockets in SP2. We surveyed applications and found the only apps using this on XP were
people writing attack tools. Regards, -David ---------------------------------------------- "Leigh" <hst () iprimus com au> wrote in message news:Og1iPjhWEHA.232 () CPMSFTNGSA04 privatenews microsoft com...
I have heard a "rumour" :) that there are plans to remove raw sockets (and/or support for packet.dll) in the final release of SP2? is this correct? Leigh hst () iprimus com au
----- Original Message ----- From: "Gisle Vanem" <giva () bgnett no>
To: "Nmap-dev" <nmap-dev () insecure org> Sent: Friday, June 25, 2004 2:47 AM Subject: raw-sockets and Win-XP SP2
I've heard strong rumours that the upcoming Win-XP SP2 will disable the use of SOCK_RAW sockets for any user (admin included). This will certainly hurt the use of nmap on Win-XP unless we go with libnet for all platforms. Steve Gibson (of www.grc.com) has been talking about the danger of raw-sockets for years; "... have ANY practical need for raw sockets" [*] he claims. Yeah right. Seems MS is now listening to him. Yet for years they have deprecated the use of the ICMP API for ping-like programs. And advised us to use SOCK_RAW instead. Back to using icmp.dll again I guess. I for one will not install the service-pack unless there's a loop-hole to enable SOCK_RAW again. Anyone with additional info on this? [*] http://www.grc.com/dos/sockettome.htm --gv --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
---------------------------------------------------------------------For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- raw-sockets and Win-XP SP2 Gisle Vanem (Jun 24)
- Re: raw-sockets and Win-XP SP2 Leigh (Jun 24)
- Re: raw-sockets and Win-XP SP2 Leigh (Jun 25)
- Re: raw-sockets and Win-XP SP2 Gisle Vanem (Jun 25)
- <Possible follow-ups>
- raw-sockets and Win-XP SP2 Sean Warnock (Jun 24)
- Re: raw-sockets and Win-XP SP2 Leigh (Jun 24)