Re: Steve Gibson
Quote:
Originally Posted by Pony99CA
It's funny, because Gibson was on "The Screen Savers" tonight, and talked about this. His point wasn't that Windows XP had raw sockets, it's that all home users were in admin mode by default and that's where raw sockets are allowed. In Windows 2000 and UNIX, most users aren't admin, and therefore don't have raw sockets.
Actually, I'm not sure Windows 2000 has a raw socket implementation without external libraries; besides, most home installs of W2k do have their users running as Admin.
In any case, near-any-user access to raw sockets is worrying. Nothing's happened yet, but it does enable one to write a worm that not only propagates over email, but uses raw sockets to launch DDoS, port scan, and other attacks while spoofing the IP address, etc. more easily.
For reference, a "raw socket" is one where you construct the IP packet manually, instead of constructing a TCP or UDP socket. The latter usually require you to set the source IP address and associated fields correctly, else it won't let you send out the packet. An IP packet constructed through a raw socket can be set up in a million ways, though, and things like IP spoofing are accomplished through raw sockets.
--bdj
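The gateway's view of the packets discussed above, as an added example that is not part of the original post: the source address is just four sender-written bytes in the IPv4 header, so an egress check parses the header and compares that field against the prefixes the network actually uses. The local prefix, the function names and the sample headers are constructed assumptions.

```python
import ipaddress
import struct

# Assumption: the prefix legitimately used by hosts behind this gateway.
LOCAL_PREFIXES = [ipaddress.ip_network("192.168.0.0/24")]

# Constructed 20-byte IPv4 headers (header only, no payload), for illustration.
LOCAL_SRC = bytes.fromhex("45000073000040004011b861c0a80001c0a800c7")    # src 192.168.0.1
FOREIGN_SRC = bytes.fromhex("450000730000400040113d03cb007107c0a800c7")  # src 203.0.113.7
BAD_CHECKSUM = LOCAL_SRC[:10] + b"\x00\x00" + LOCAL_SRC[12:]             # checksum zeroed


def checksum_ok(header: bytes) -> bool:
    """RFC 791: the one's-complement sum of all 16-bit header words is 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def parse_ipv4(packet: bytes) -> dict:
    """Decode the fixed part of an IPv4 header; raise ValueError if malformed."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    (ver_ihl, _tos, _length, _ident, _frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "src": ipaddress.IPv4Address(src),   # whatever the sender wrote here
        "dst": ipaddress.IPv4Address(dst),
        "ttl": ttl,
        "proto": proto,
        "checksum_ok": checksum_ok(packet[:ihl]),
    }


def egress_verdict(packet: bytes, local_prefixes=LOCAL_PREFIXES) -> str:
    """Decide whether an outbound packet may leave the local network."""
    try:
        hdr = parse_ipv4(packet)
    except ValueError:
        return "drop: malformed"
    if not hdr["checksum_ok"]:
        return "drop: bad checksum"
    if not any(hdr["src"] in net for net in local_prefixes):
        return "drop: source address not local"
    return "forward"
```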