FC: NYT questions Microsoft for finally implementing TCP/IP correctly

[Declan McCullagh <declan () well com>]

**********
More on TCP/IP in Windows XP:
http://www.politechbot.com/p-02094.html
http://www.politechbot.com/p-02093.html
**********

From: rms () privacyfoundation org (Richard M. Smith)
To: <jered () mit edu>, <steve () stevecrocker com>
Cc: <declan () well com>
Subject: Re: More on suing Microsoft for order blocking Windows XP shipments
Date: Sat, 2 Jun 2001 17:05:18 -0400

Hi,

  >>> root users have been able to open raw sockets
  >>> and spoof addresses for years and years.

Are there any legit uses for IP address spoofing?
Has Microsoft said yet why they are adding in
this new feature?  I've been a Windows 9X users
for years and never seem to have a reason to do
spoofing........

Richard

**********

To: rms () privacyfoundation org (Richard M. Smith)
Cc: <steve () stevecrocker com>, <declan () well com>
Subject: Re: More on suing Microsoft for order blocking Windows XP shipments
From: Jered Floyd <jered () mit edu>
Date: 02 Jun 2001 17:18:33 -0400

rms () privacyfoundation org (Richard M. Smith) writes:

>   >>> and spoof addresses for years and years.
>
> Are there any legit uses for IP address spoofing?

Microsoft isn't adding "IP address spoofing". What they are adding is
the ability to open raw sockets and write arbitrary data as an IP
packet.  This functionality, for instance, is required to write a DHCP
client, as you need to send out packets before you have an address.
This is also necessary if you want to send packet types that the
Microsoft IP stack doesn't support. (I'm not familiar with what
Microsoft supports currently, but if you were writing a multicast
client and Microsoft didn't provide a mechanism to send IGMP packets,
then raw sockets would allow you to do so.)

--Jered

**********

From: rms () privacyfoundation org (Richard M. Smith)
To: "Declan McCullagh" <declan () well com>, "'Jered Floyd'" <jered () mit edu>,
        <steve () stevecrocker com>
Subject: NYTimes: Expert Says Windows XP Aids Vandals
Date: Mon, 4 Jun 2001 10:40:14 -0400

 http://www.nytimes.com/2001/06/04/technology/04FLAW.html

The Internet is sustaining a growing plague of attacks that overwhelm
Web sites by flooding them with data, and an Internet security expert is
warning Microsoft that the planned consumer rollout of its Windows XP
operating system for personal computers could make the global network
even more vulnerable.

The software, which Microsoft plans to begin selling in the fall, adds
some powerful Internet-connection capabilities that the security expert
has urged the company to remove before putting the product on the
market. The new features, he says, makes server computers more
susceptible to a type of Web intrusion known as a distributed denial of
service attack, in which attackers remotely commandeer hundreds of
personal computers connected to the Internet and use them to release a
disabling deluge of data against a specific Web site.

**********




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------