[Courses] [Security] netstat status field

Raven, corporate courtesan raven at oneeyedcrow.net
Mon Mar 11 15:27:20 EST 2002


Heya --

Quoth Hamster (Mon, Mar 11, 2002 at 06:14:02PM +0100):
> I hope this big OOOHHHHHHHH AAHHHHHH!!!! shows that I now understand perfectly, and thank you again!!!

	[grin]  Teachers live for these moments.
 
> That makes much more sense too now about the winxp raw sockets issue....
 
	Exactly.  For those of you that hadn't seen it in the news a
few months ago, there was a big to-do when WinXP was released.  For the
first time in a Microsoft OS, you had the capability to use raw sockets,
and that means you have the ability to make any kind of packet you want,
even if it's a bad one that the normal TCP/IP stack would never produce.
Unix has had this capability for ages.  

	There were some security folk that were convinced that the
number of spoofed packet and bad packet attacks would increase
astronomically now that Windows users could do it too.  (The idea, I
think, was that there are lots of script kiddies out there who don't
speak Unix, and so couldn't make bad packets to attack people with.
With the power to do this now built into Windows, it would be easy for a
Win programmer to make a GUI packet-crafter front end, and thus give
script kiddies a powerful new tool.)  In particular, Steve Gibson raised
the roof about it.

http://grc.com/dos/sockettome.htm

	That's his edited reply.  [grin]  He backpedaled a lot from his
original "raw sockets are evil, Microsoft is destroying the Internet"
position.  It's almost funny.

	I haven't heard of any great increase in spoofed or bad packet
attacks since, so it doesn't appear to have been a great problem.  So
far.  [grin]

	As with many security tools, the problem is that the knowledge
that can be used to protect and defend is pretty much the same knowledge
that would make one a formidable attacker.  Tools like nmap or Dan
Farmer's SATAN (http://www.cerias.purdue.edu/coast/satan.html) and its
spinoff SAINT (http://www.saintcorporation.com/saint/) generally spark a
huge argument about the ethics of such security tools.

Cheers,
Raven

"Sed, sed, awk.  Like duck, duck, goose.  Sync, sync, halt.  It's the
 order of nature."
  -- me, after too long a day at work


