* Mike Pfleger ([EMAIL PROTECTED]) spake thusly:
> Hello.
>
> I've included a snippet of an exchange regarding the "raw TCP/IP socket"
> issue that Cringely (IIRC) was talking about in that article from a few
> weeks back. Could someone please comment on whether I've understood
> this correctly? I never got a reply to my response.
>
> >> With the Berkeley Sockets TCP/IP (i.e. Linux, BSD, Solaris, ...) you can
> >> build a complete IP packet and send it down to the network card
> >> (ethernet) for transmission. You need to be root, but you can do it.
> >>
> >> Windows TCP/IP currently doesn't allow this. You send the data packet
> >> plus headers for it to assemble, and it doesn't allow the user to set
> >> the source IP.
> >>
> >> So all those denial of service attacks launched from Windows
> >> machines are traceable from the target. Now enter a world where you
> >> would have to check every upstream router to trace back to the
> >> sources.
> >
> > So let me see if I understand all of this correctly. With windoze XP
> > having "raw" TCP/IP sockets (like *nix), but which do _not_ require su
> > privs to access (unlike *nix), any user can spoof IPs? Thus an app
> > (read worm) can have IP spoofing abilities without needing suid root
> > on execution?

That depends. As long as you also understand that 1) _any_ user can install
Linux, BSD, Solaris on their home box and have r00t on it (and thus any user
can spoof IPs anyway), and 2) this functionality can be added to pre-XP winders
by installing a DLL (so a worm/virus could spoof IPs, too), yes, you do
understand it correctly.
HTH
Dima
--
E-mail dmaziuk at bmrb dot wisc dot edu (@work) or at crosswinds dot net (@home)
http://www.bmrb.wisc.edu/descript/gpgkey.dmaziuk.ascii -- GnuPG 1.0.4 public key
One distinguishing characteristic of BOFHen is attention deficit disorder.
Put me in front of something boring and I can find a near-infinite number
of really creative ways to bugger off. -- ADB
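A defender-side illustration of the spoofing problem discussed in the thread, added here and not part of the original exchange: the usual counter to forged source addresses (regardless of which OS exposes raw sockets) is BCP 38 style egress filtering at the network edge, which drops any outbound packet whose source address is not one the local network legitimately originates. The local prefixes and the sample IPv4 headers below are constructed example values; the code parses the header and returns a verdict rather than touching any socket.

```python
import ipaddress
import struct

# Prefixes this site legitimately originates traffic from (assumed example values).
LOCAL_PREFIXES = [ipaddress.ip_network("192.0.2.0/24"), ipaddress.ip_network("198.51.100.0/25")]


def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header; raise ValueError on anything malformed."""
    if len(pkt) < 20:
        raise ValueError("truncated header")
    # The header checksum is deliberately not verified: the filter keys on the
    # source address, and a forger can compute a valid checksum anyway.
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4 or ihl < 5 or total_len < ihl * 4:
        raise ValueError("not a well-formed IPv4 header")
    return {"src": ipaddress.IPv4Address(src), "dst": ipaddress.IPv4Address(dst), "ttl": ttl, "proto": proto}


def egress_verdict(pkt: bytes, local_prefixes=LOCAL_PREFIXES) -> str:
    """Return 'PASS' if the source belongs to a local prefix, else 'DROP:<reason>'."""
    try:
        hdr = parse_ipv4_header(pkt)
    except ValueError as exc:
        return f"DROP:malformed ({exc})"
    src = hdr["src"]
    # Addresses that can never be a legitimate source of outbound traffic.
    if src.is_loopback or src.is_multicast or src.is_unspecified:
        return f"DROP:bogon-source {src}"
    if not any(src in net for net in local_prefixes):
        return f"DROP:spoofed-source {src}"
    return "PASS"


# Constructed sample headers: version 4, IHL 5, total length 40, TTL 64, TCP, checksum zero.
_FIXED = b"\x45\x00\x00\x28\x12\x34\x40\x00\x40\x06\x00\x00"
_DST = b"\xcb\x00\x71\x05"  # 203.0.113.5
SAMPLES = {
    "legit": _FIXED + b"\xc0\x00\x02\x0a" + _DST,     # src 192.0.2.10, inside 192.0.2.0/24
    "spoofed": _FIXED + b"\x0a\x09\x08\x07" + _DST,   # src 10.9.8.7, not one of ours
    "loopback": _FIXED + b"\x7f\x00\x00\x01" + _DST,  # src 127.0.0.1
    "truncated": b"\x45\x00",
}


def run_samples() -> dict:
    """Apply the egress check to every constructed sample and return the verdicts."""
    return {name: egress_verdict(pkt) for name, pkt in SAMPLES.items()}
```

Only the "legit" sample passes; the other three are dropped with a reason that a log line or counter can carry, which is what makes a spoofed flood traceable to its real origin network.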

