Full Disclosure mailing list archives
Re: SP2 and NMAP
From: "Mike Nice" <niceman () att net>
Date: Fri, 13 Aug 2004 10:16:34 -0400
If you read the above Microsoft doc you will see that they have not "disabled raw packets" but disabled commonly abused types of raw packet.
While most of XP SP2 properly addresses the real issues - how to keep the bad guys out, part of SP2 is a feeble attempt to mitigate the effects of malware after it has arrived. Re: outbound rate connection queue limiting - Even without raw sockets, it is trivial to fill the pipe with TCP Syn's to one or more addresses, albeit with a real source IP. (Note to MS: by the time malware has ben installed, it's too late; the horse is already out of the barn!) Since the GRC.com attack 2 years ago, even average ISPs put filters in place to prevent IP address spoofing. I saw one piece of windows malware about 2 years ago that used spoofed source IPs, but none recently. Re: no TCP outbound raw sockets; this disables functionality like Win32 TCPtraceroute. Sometimes that is the only way to track network connectivity issues. As you note, the only solution is to run a system other than XP SP2. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Service Pack 2, don't discuss it here. Niek Baakman (Aug 12)
- Re: Service Pack 2, don't discuss it here. Tom Russell (Aug 12)
- Re: Service Pack 2, don't discuss it here. A.V. (Aug 12)
- Re: Service Pack 2, don't discuss it here. Harlan Carvey (Aug 12)
- Re: Service Pack 2, don't discuss it here. Niek Baakman (Aug 12)
- SP2 and NMAP PJ (Aug 12)
- Re: SP2 and NMAP James Tucker (Aug 13)
- Re: SP2 and NMAP Mike Nice (Aug 13)
- RE: SP2 and NMAP Geo. (Aug 13)
- Re: Service Pack 2, don't discuss it here. Tom Russell (Aug 12)