Penetration Testing mailing list archives
Re: Raw sockets vs connect() scanning on windows/linux
From: Daniel Miessler <daniel () dmiessler com>
Date: Sat, 20 Oct 2007 20:32:12 -0400
On the linux side, anyone know which scanners modify the raw socket packet creation to craft 60 byte packets to mimic exactly the typical connect() packet to get around products which are smart enough to tell the difference and change behaviors accordingly?
As I mentioned in the piece, doing an -sT scan seems to mimic a standard connect().
I know that with XP SP2 Microsoft removed raw sockets and there was a workaround that was subsequently broken with MS05-019 & later patches, and that 2k3 server you can still utilize raw sockets. What's the latest scoop on windows scanners in this regard and the linux question above?
I still use Windows Server 2003 for my Windows security platform. 2000 Workstation was ok, too, but it's just too old. I imagine that I'll be moving to 2008 after a while, but for now 2003 is the most solid platform as far as I can tell. Cheers, -- Daniel Miessler E: Daniel () dmiessler com W: http://dmiessler.com G: 0xD4A8FFF6 ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Raw sockets vs connect() scanning on windows/linux Erin Carroll (Oct 14)
- Re: Raw sockets vs connect() scanning on windows/linux John Lampe (Oct 15)
- Re: Raw sockets vs connect() scanning on windows/linux Daniel Miessler (Oct 20)
- Re: Raw sockets vs connect() scanning on windows/linux Robert E. Lee (Oct 15)
- Re: Raw sockets vs connect() scanning on windows/linux John Lampe (Oct 15)