Full Disclosure mailing list archives
Re: SP2 and NMAP
From: James Tucker <jftucker () gmail com>
Date: Fri, 13 Aug 2004 11:15:01 +0100
If you are going to try and bash Microsoft for doing something, maybe you should at least look at some of the documents surrounding the reasons for doing it, and then be accurate:
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk.mspx#XSLTsection127121120120
and a documented attack which utilised the Windows raw socket functionality:
http://www.grc.com/dos/drdos.htm

If you read the above Microsoft doc you will see that they have not "disabled raw packets" but disabled commonly abused types of raw packet. If anyone has a genuine business application which uses spoofed source raw UDP packets or customised TCP data, I will frankly be disgusted. It is coding of that sort which destroys the IT industry; there are applications for this functionality elsewhere, but there are no real business interface applications which should require such functionality from the protocol stacks.

Functionality comes at the cost of simplicity. Just as you can't accurately measure the position of an electron without affecting its speed; and you cannot make software more feature full, without making it more complex (and for most users therefore harder to use).

If you are using NMAP for local security checks, and XP is your primary desktop OS then I would highly recommend putting your scanner on another system. A large number of the exploits available for less patched versions of Windows will be able to infect your scanning machine as well (via local LAN exploits). Whilst most malware is not sophisticated enough to get in and take out the NMAP logs, the possibility (and thus risk) is there. Use a secure-by-default OS and add limited and carefully veto'd systems to it for your IDS solutions. Cost is not an issue here as many options for the systems in question are free.

On Thu, 12 Aug 2004 08:01:23 -0500, PJ <pj114 () megapathdsl net> wrote:
FYI... The current NMAP (Windows) version is now broken when applying SP2. MS has disabled the use of RAW packets... Details can be found on insecure.org (by Fyodor).

.... But then NMAP also ran on Win95 which did not support RAW packets - thus maybe a patched version will be available in the future.

Before someone says it ... I will. You should be running Linux anyway if you want real functionality.

PJ

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html