Nmap Development mailing list archives

raw-sockets and Win-XP SP2

From: "Gisle Vanem" <giva () bgnett no>
Date: Thu, 24 Jun 2004 18:47:24 +0200

I've heard strong rumours that the upcoming Win-XP SP2 will disable
the use of SOCK_RAW sockets for any user (admin included). This 
will certainly hurt the use of nmap on Win-XP unless we go with
libnet for all platforms.

Steve Gibson (of www.grc.com) has been talking about the danger
of raw-sockets for years; "... have ANY practical need for raw 
sockets" [*] he claims. Yeah right. Seems MS is now listening to 
him. Yet for years they have deprecated the use of the ICMP API for 
ping-like programs. And advised us to use SOCK_RAW instead. Back 
to using icmp.dll again I guess.

I for one will not install the service-pack unless there's a loop-hole
to enable SOCK_RAW again. Anyone with additional info on this?

[*] http://www.grc.com/dos/sockettome.htm

--gv



---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org

Current thread:

raw-sockets and Win-XP SP2 Gisle Vanem (Jun 24)
- Re: raw-sockets and Win-XP SP2 Leigh (Jun 24)
- Re: raw-sockets and Win-XP SP2 Leigh (Jun 25)
  - Re: raw-sockets and Win-XP SP2 Gisle Vanem (Jun 25)
- <Possible follow-ups>
- raw-sockets and Win-XP SP2 Sean Warnock (Jun 24)
  - Re: raw-sockets and Win-XP SP2 Leigh (Jun 24)