Raw socket support in Winsock ?
in [Security]
|
From: karthikbalaguru on 5 Jan 2010 05:21 Hi, I came across the below link - http://en.wikipedia.org/wiki/Raw_socket I am eager to know the reasons for the raw socket support in the Winsock interface during the initial Windows XP release ? Any specific reasons / uses for it ? Thx in advans, Karthik Balaguru
From: Andrew McLaren on 5 Jan 2010 06:54 karthikbalaguru wrote: > I am eager to know the reasons for the raw socket > support in the Winsock interface during the initial > Windows XP release ? http://msdn.microsoft.com/en-us/library/ms740548(VS.85).aspx
From: karthikbalaguru on 5 Jan 2010 10:05 On Jan 5, 4:54 pm, Andrew McLaren <m...(a)somewhere.com> wrote: > karthikbalaguru wrote: > > I am eager to know the reasons for the raw socket > > support in the Winsock interface during the initial > > Windows XP release ? > > http://msdn.microsoft.com/en-us/library/ms740548(VS.85).aspx Thx for the link ! As per the link, the ability to send traffic over raw sockets has been restricted in several ways in new Windows releases after 'Windows XP with SP2' . The reasons for the below changes w.r.t Raw Sockets are not clearly mentioned in that link . Any ideas ? 1) TCP data cannot be sent over raw sockets. But why ? 2) A call to the bind function with a raw socket is not allowed. But why ? Any ideas ? But, the below reason w.r.t raw socket & UDP datagram support is clear - 3) UDP datagrams with an invalid source address cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped. This change was made to limit the ability of malicious code to create distributed denial-of-service attacks and limits the ability to send spoofed packets (TCP/IP packets with a forged source IP address). Thx in advans, Karthik Balaguru
From: John John - MVP on 5 Jan 2010 10:37 karthikbalaguru wrote: > On Jan 5, 4:54 pm, Andrew McLaren <m...(a)somewhere.com> wrote: >> karthikbalaguru wrote: >>> I am eager to know the reasons for the raw socket >>> support in the Winsock interface during the initial >>> Windows XP release ? >> http://msdn.microsoft.com/en-us/library/ms740548(VS.85).aspx > > Thx for the link ! > > As per the link, the ability to send traffic over raw sockets > has been restricted in several ways in new Windows > releases after 'Windows XP with SP2' . > > The reasons for the below changes w.r.t Raw Sockets > are not clearly mentioned in that link . Any ideas ? > 1) TCP data cannot be sent over raw sockets. > But why ? > > 2) A call to the bind function with a raw socket is not allowed. > But why ? Any ideas ? > > But, the below reason w.r.t raw socket & UDP datagram > support is clear - > 3) UDP datagrams with an invalid source address cannot be sent > over raw sockets. The IP source address for any outgoing UDP > datagram must exist on a network interface or the datagram is > dropped. This change was made to limit the ability of malicious > code to create distributed denial-of-service attacks and limits the > ability to send spoofed packets (TCP/IP packets with a forged > source IP address). It's all to do with security. [Quote] Restricted traffic over raw sockets Detailed description A very small number of Windows applications make use of raw IP sockets, which provide an industry-standard way for applications to create TCP/IP packets with fewer integrity and security checks by the TCP/IP stack. The Windows implementation of TCP/IP still supports receiving traffic on raw IP sockets. However, the ability to send traffic over raw sockets has been restricted in two ways: * TCP data cannot be sent over raw sockets. * UDP datagrams with invalid source addresses cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped. Why is this change important? What threats does it help mitigate? This change limits the ability of malicious code to create distributed denial-of-service attacks and limits the ability to send spoofed packets, which are TCP/IP packets with a forged source IP address. [end quote] http://technet.microsoft.com/en-us/library/bb457156.aspx John
From: karthikbalaguru on 5 Jan 2010 11:25 On Jan 5, 8:37 pm, John John - MVP <audetw...(a)nbnot.nb.ca> wrote: > karthikbalaguru wrote: > > On Jan 5, 4:54 pm, Andrew McLaren <m...(a)somewhere.com> wrote: > >> karthikbalaguru wrote: > >>> I am eager to know the reasons for the raw socket > >>> support in the Winsock interface during the initial > >>> Windows XP release ? > >>http://msdn.microsoft.com/en-us/library/ms740548(VS.85).aspx > > > Thx for the link ! > > > As per the link, the ability to send traffic over raw sockets > > has been restricted in several ways in new Windows > > releases after 'Windows XP with SP2' . > > > The reasons for the below changes w.r.t Raw Sockets > > are not clearly mentioned in that link . Any ideas ? > > 1) TCP data cannot be sent over raw sockets. > > But why ? > > > 2) A call to the bind function with a raw socket is not allowed. > > But why ? Any ideas ? > > > But, the below reason w.r.t raw socket & UDP datagram > > support is clear - > > 3) UDP datagrams with an invalid source address cannot be sent > > over raw sockets. The IP source address for any outgoing UDP > > datagram must exist on a network interface or the datagram is > > dropped. This change was made to limit the ability of malicious > > code to create distributed denial-of-service attacks and limits the > > ability to send spoofed packets (TCP/IP packets with a forged > > source IP address). > > It's all to do with security. > Okay. Agreed !! But, why is this change not present in the versions earlier to 'Windows XP with SP2' ? The below link seems to convey that these restrictions do not apply to Windows Server 2008 , Windows Server 2003, or to versions of the operating system earlier than Windows XP with SP2 . But, Why ? http://msdn.microsoft.com/en-us/library/ms740548(VS.85).aspx# > [Quote] > > Restricted traffic over raw sockets > > Detailed description > > A very small number of Windows applications make use of raw IP sockets, > which provide an industry-standard way for applications to create TCP/IP > packets with fewer integrity and security checks by the TCP/IP stack. > The Windows implementation of TCP/IP still supports receiving traffic on > raw IP sockets. However, the ability to send traffic over raw sockets > has been restricted in two ways: > > * TCP data cannot be sent over raw sockets. > > * UDP datagrams with invalid source addresses cannot be sent over raw > sockets. The IP source address for any outgoing UDP datagram must exist > on a network interface or the datagram is dropped. > > Why is this change important? What threats does it help mitigate? > > This change limits the ability of malicious code to create distributed > denial-of-service attacks and limits the ability to send spoofed > packets, which are TCP/IP packets with a forged source IP address. > > [end quote] > > http://technet.microsoft.com/en-us/library/bb457156.aspx > Thx for the link ! The above link conveys that this change helps to limit the speed at which malicious programs, such as viruses and worms, spread to uninfected computers as Malicious programs often attempt to reach uninfected computers by opening simultaneous connections to random IP addresses. Thx in advans, Karthik Balaguru
|
Next
|
Last
Pages: 1 2 Prev: Domain Administrator password change? Next: Smart card is required for interactive logon |