Home page logo
/

nmap-dev logo Nmap Development mailing list archives

raw-sockets and Win-XP SP2
From: "Sean Warnock" <removeme_news () warnocksolutions com>
Date: Thu, 24 Jun 2004 10:02:48 -0700

I have been playing around with Win XP SP2 RC1 and just installed RC2 on my machine last night. I have noticed some trouble with nmap. I have not run a packet sniffer to see what was happening but that definatly sounds like a reasonable explanation. Nmap runs on a Windows XP SP2 RC1 machine have been showing the scanned host is up but with no open ports. If I do a full connect scan then it is able to detect open ports.

Sean


I've heard strong rumours that the upcoming Win-XP SP2 will disable
the use of SOCK_RAW sockets for any user (admin included). This
will certainly hurt the use of nmap on Win-XP unless we go with
libnet for all platforms.
Steve Gibson (of www.grc.com) has been talking about the danger
of raw-sockets for years; "... have ANY practical need for raw
sockets" [*] he claims. Yeah right. Seems MS is now listening to
him. Yet for years they have deprecated the use of the ICMP API for
ping-like programs. And advised us to use SOCK_RAW instead. Back
to using icmp.dll again I guess.
I for one will not install the service-pack unless there's a loop-hole
to enable SOCK_RAW again. Anyone with additional info on this?
[*] http://www.grc.com/dos/sockettome.htm
--gv


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List archive: http://seclists.org

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]