Thursday, April 28, 2005

M$ "Blocking" Raw Socket

With their new patch for Windows XP Service Pack 2, M$ claimed that it will increase the security of the operating system; in detail, the patch blocks "raw sockets".

Raw sockets are a little-known feature of the TCP/IP protocol on which the Internet runs. The feature is heavily relied upon by security professionals as it allows them to bypass certain controls to create more customised TCP/IP packets and analyse Internet data.

M$ believes the feature could be used to launch denial of service (DoS) attacks. As we know, MS Blast used raw sockets to launch a huge TCP SYN attack against Microsoft. TCP SYN packets can be used along with fake IP addresses to flood a target and deny it access to network services.

Fyodor thinks it was a "joke" because, as he said, "This is funny, since all of the other platforms Nmap supports (eg Mac OS X, Linux, the BSD variants) offer raw sockets and yet they haven't become the wasp nest of spambots, worms and spyware that infest so many Windows boxes."

