Nmap Development: Re: raw-sockets and Win-XP SP2

Re: raw-sockets and Win-XP SP2

From: Leigh <hst_at_iprimus.com.au>
Date: Fri, 25 Jun 2004 04:37:51 +1000

I am beta testing XP SP2 and I think nmap is working okay for me thus far
(although I have had horrendous problems with programs that use packet.dll
even in XP SP1 & nmap always wants -P0 but I thought this may have something
to do with my IDS). We are currently on release 2 of the SP and I have no
idea when the final is. Judging by the number of people whinging on the
listserv with nasty errors in the networking/security aspects - it will
probably be a long while coming.

I have quizzed them about why they are doing this & I'll let you know what
they say (if/when I get a reply). And yeah, Steve Gibson is an arse who I
guess happens to release good utilities for noob windows users every once in
a while. What is he going on about anyway? To my knowledge there are no
trojans or worms that exclusively use raw sockets, but I could be wrong
about that.

It appears that what we would need is the negative of his existing "socket lock"
program (that unfortunately *disables* :( raw sockets); I'm sure it would be
possible for some bright spark to code.

Leigh
hst_at_iprimus.com.au

----- Original Message -----
From: "Gisle Vanem" <giva_at_bgnett.no>
To: "Nmap-dev" <nmap-dev_at_insecure.org>
Sent: Friday, June 25, 2004 2:47 AM
Subject: raw-sockets and Win-XP SP2

> I've heard strong rumours that the upcoming Win-XP SP2 will disable
> the use of SOCK_RAW sockets for any user (admin included). This
> will certainly hurt the use of nmap on Win-XP unless we go with
> libnet for all platforms.
>
> Steve Gibson (of www.grc.com) has been talking about the danger
> of raw-sockets for years; "... have ANY practical need for raw
> sockets" [*] he claims. Yeah right. Seems MS is now listening to
> him. Yet for years they have deprecated the use of the ICMP API for
> ping-like programs. And advised us to use SOCK_RAW instead. Back
> to using icmp.dll again I guess.
>
> I for one will not install the service-pack unless there's a loop-hole
> to enable SOCK_RAW again. Anyone with additional info on this?
>
> [*] http://www.grc.com/dos/sockettome.htm
>
> --gv
>
>
>
> ---------------------------------------------------------------------
> For help using this (nmap-dev) mailing list, send a blank email to
> nmap-dev-help@insecure.org . List archive: http://seclists.org
>
>
>

Received on Jun 24 2004
