Full Disclosure mailing list archives

RE: SP2 and NMAP


From: Frank Knobbe <frank () knobbe us>
Date: Fri, 13 Aug 2004 11:52:01 -0500

On Fri, 2004-08-13 at 11:21, Castigliola, Angelo wrote:
> Microsoft told Fyodor the reason they disabled raw sockets in SP2 was:
>
> "We have removed support for TCP sends over RAW sockets in SP2. We
> surveyed applications and found the only apps using this on XP were
> people writing attack tools."


Silly thing to say anyway. Even if raw sockets are no longer available,
attack tools can (and some do) still use their own IP stacks
(libpcap/libdnet/etc). Unless MS starts to filter calls on the network
driver layer, attack tools will still work.

Nicely shows Microsoft's lack of understanding in this area though.

Regards,
Frank
