Nmap Development mailing list archives

Re: Gsoc 2011 idea about IPv6
From: David Fifield <david () bamsoftware com>
Date: Thu, 24 Mar 2011 10:28:02 -0700

On Thu, Mar 24, 2011 at 05:19:22PM +0000, Rob Nicholls wrote:
> On Thu, 24 Mar 2011 09:06:56 -0700, David Fifield wrote:
>> Windows doesn't support raw sockets at all
>
> I don't think that's entirely true. Server 2003 has apparently
> always been unaffected:
>
> http://seclists.org/nmap-hackers/2005/4
>
> This web page from Microsoft suggests it's also still possible on
> Windows 2008 and 2008 R2:
>
> http://msdn.microsoft.com/en-us/library/ms740548(v=vs.85).aspx
>
> Limitations on Raw Sockets
>
> On Windows 7, Windows Vista, Windows XP with Service Pack 2 (SP2),
> and Windows XP with Service Pack 3 (SP3), the ability to send
> traffic over raw sockets has been restricted in several ways:
>
>  - TCP data cannot be sent over raw sockets.
>  - UDP datagrams with an invalid source address cannot be sent over
>    raw sockets. The IP source address for any outgoing UDP datagram
>    must exist on a network interface or the datagram is dropped. This
>    change was made to limit the ability of malicious code to create
>    distributed denial-of-service attacks and limits the ability to send
>    spoofed packets (TCP/IP packets with a forged source IP address).
>  - A call to the bind function with a raw socket for the IPPROTO_TCP
>    protocol is not allowed.
>
> Note  The bind function with a raw socket is allowed for other
> protocols (IPPROTO_IP, IPPROTO_UDP, or IPPROTO_SCTP, for example).
>
> These above restrictions do not apply to Windows Server 2008 R2,
> Windows Server 2008, Windows Server 2003, or to versions of the
> operating system earlier than Windows XP with SP2.
>
>
> I suspect the majority of Nmap users aren't using Windows Server;
> but some of us have access to Windows Server variants to perform
> port scans/penetration tests. It's probably not going to be a high
> priority on the todo list though.

That's good to know. Users with non-crippled Windows could try --send-ip
in order to scan over non-Ethernet devices.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
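
The bind restriction in the Microsoft text quoted above can be checked on a given host without sending any traffic. The following is an added example, not part of the original thread and not Nmap code; the names `probe_raw_bind`, `report` and the result labels are made up for this illustration, and it assumes a refused socket creation or bind surfaces as an `OSError`.

```python
import socket

# Protocols named in the quoted "Limitations on Raw Sockets" text.
PROTOCOLS = {
    "tcp": socket.IPPROTO_TCP,
    "udp": socket.IPPROTO_UDP,
}

# Result labels (hypothetical, chosen for this example).
RESULTS = ("no-privilege", "unsupported", "bind-refused", "bind-allowed")


def probe_raw_bind(proto_name, address="127.0.0.1"):
    """Create a raw socket for proto_name and try to bind it to address.

    No packet is sent. Returns one of RESULTS:
      no-privilege  - the OS refused to create the socket (not admin/root)
      unsupported   - socket creation failed for another reason
      bind-refused  - the socket was created but bind() was rejected
      bind-allowed  - the socket was created and bound
    """
    proto = PROTOCOLS[proto_name]
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, proto)
    except PermissionError:
        return "no-privilege"
    except OSError:
        return "unsupported"
    try:
        sock.bind((address, 0))  # the port is ignored for raw sockets
    except OSError:
        return "bind-refused"
    finally:
        sock.close()
    return "bind-allowed"


def report():
    """Probe every protocol in PROTOCOLS and return {name: result}."""
    return {name: probe_raw_bind(name) for name in PROTOCOLS}


if __name__ == "__main__":
    for name, result in report().items():
        print(f"raw {name} bind: {result}")
```

Run with administrator or root rights, `bind-refused` for tcp next to `bind-allowed` for udp is consistent with the restricted behaviour the quoted text describes; a bind can also fail for unrelated reasons, so treat the result as a hint rather than proof.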

