Snort mailing list archives

Re: GRC.com attack and TCP stacks


From: "Jason Robertson" <jason () ifutureinc com>
Date: Sun, 24 Jun 2001 17:58:55 -0400

Actually WinNT and all versions of Windows after Win95 (though there was 
the Winsock2 update) allowed for Raw Sockets.

I even have a few spoofers that work on win95/98 (with winsock2).  And 
remember where there is a will there is a way...

Jason

On 22 Jun 2001, at 21:11, Edwin Chiu wrote:

Date sent:              Fri, 22 Jun 2001 21:11:40 -0400
From:                   Edwin Chiu <Edwin.Chiu () e-wares com>
To:                     galitz () uclink berkeley edu
Copies to:              snort-users () lists sourceforge net
Subject:                Re: [Snort-users] GRC.com attack and TCP stacks

Quoting Galitz <galitz () uclink berkeley edu>:
So, I read the above URL, but I am curious.  Steve
states:


    Microsoft's engineers never fully implemented the complete
    "Unix Sockets" specification in any of the previous versions
    of Windows. 

And goes on to say that a MS Windows pre-2000 or XP box cannot
generate spoofed packets without the attacker (or security 
auditor) using special device drivers.

My question is... what the heck is he talking about?  Is
this true?  Is it not possible to generate spoofed traffic
on an NT box using only the OS and no new drivers to be
installed?  What missing functionality is being alluded
to here?

I believe he is referring to Raw Sockets, something that is 
implemented in Winsock 2.0 and available for download for
all versions of Windows, or 9x/NT. Although I always thought
NT allowed you to create Raw Sockets.

Regards,
Edwin





---
Jason Robertson                
Network Analyst            
jason () ifutureinc com    
http://www.astroadvice.com      
