It is confirmed. Message reply taken from Windows XP SP2 Beta listserv, and
since when is Nmap an "attack tool"?? I know Nmap (and any other decent
comms utility) can probably be put to illegitimate use if the user is that
way inclined. I think they have their wires crossed a little bit. The bigger
threat (as I see it) is from internet worms, spyware, weak passwords (.SAM
file bruting) and the rest.
So how about the no raw sockets command line option in Nmap? Might give that
a try.
Leigh
hst_at_iprimus.com.au
---------------------------------------------
Leigh,
Half-right. We have removed support for TCP sends over RAW sockets in SP2.
We surveyed applications and found the only apps using this on XP were
people writing attack tools.
Regards,
-David
----------------------------------------------
"Leigh" <hst_at_iprimus.com.au> wrote in message
news:Og1iPjhWEHA.232_at_CPMSFTNGSA04.privatenews.microsoft.com...
> I have heard a "rumour" :) that there are plans to remove raw sockets
> (and/or support for packet.dll) in the final release of SP2? Is this
> correct?
>
> Leigh
> hst_at_iprimus.com.au
>
>
----- Original Message -----
From: "Gisle Vanem" <giva_at_bgnett.no>
To: "Nmap-dev" <nmap-dev_at_insecure.org>
Sent: Friday, June 25, 2004 2:47 AM
Subject: raw-sockets and Win-XP SP2
> I've heard strong rumours that the upcoming Win-XP SP2 will disable
> the use of SOCK_RAW sockets for any user (admin included). This
> will certainly hurt the use of nmap on Win-XP unless we go with
> libnet for all platforms.
>
> Steve Gibson (of www.grc.com) has been talking about the danger
> of raw-sockets for years; "... have ANY practical need for raw
> sockets" [*] he claims. Yeah right. Seems MS is now listening to
> him. Yet for years they have deprecated the use of the ICMP API for
> ping-like programs. And advised us to use SOCK_RAW instead. Back
> to using icmp.dll again I guess.
>
> I for one will not install the service pack unless there's a loophole
> to enable SOCK_RAW again. Anyone with additional info on this?
>
> [*] http://www.grc.com/dos/sockettome.htm
>
> --gv
>
>
>
> ---------------------------------------------------------------------
> For help using this (nmap-dev) mailing list, send a blank email to
> nmap-dev-help@insecure.org . List archive: http://seclists.org
Received on Jun 25 2004