Nmap Development mailing list archives

Re: Query Related to NMap v5.0


From: Fyodor <fyodor () insecure org>
Date: Mon, 24 Aug 2009 02:59:34 -0700

On Mon, Aug 24, 2009 at 11:35:30AM +0200, kx wrote:
> I only have Windows XP SP3, so I can't play more, but this article should help:
>
> TCP/IP Raw Sockets
> http://msdn.microsoft.com/en-us/library/ms740548%28VS.85%29.aspx

Thanks for the link.  The results don't look good:

  On Windows 7, Windows Server 2008 R2, Windows Vista, and Windows XP
  with Service Pack 2 (SP2), the ability to send traffic over raw
  sockets has been restricted in several ways:
    * TCP data cannot be sent over raw sockets.
    * UDP datagrams with an invalid source address cannot be sent over
      raw sockets. The IP source address for any outgoing UDP datagram
      must exist on a network interface or the datagram is
      dropped. This change was made to limit the ability of malicious
      code to create distributed denial-of-service attacks and limits
      the ability to send spoofed packets (TCP/IP packets with a
      forged source IP address).
    * A call to the bind function with a raw socket is not allowed.

  These above restrictions do not apply to Windows Server 2008,
  Windows Server 2003, or to versions of the operating system earlier
  than Windows XP with SP2.

I'm not a Windows fan, but it is still frustrating to see them cripple
their own platform like that.  They basically left just enough
functionality to keep ping.exe and tracert.exe working, and broke
everything else.

Of course Nmap also has tcp connect() port scanning, but MS
intentionally crippled the connect call as well :/.

Cheers,
-F


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

