If you are going to try and bash Microsoft for doing something, maybe you should at least look at some of the documents surrounding the reasons for doing it, and then be accurate: http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk.mspx#XSLTsection127121120120 and a documented attack which utilised the Windows raw socket functionality: http://www.grc.com/dos/drdos.htm

If you read the above Microsoft doc you will see that they have not "disabled raw packets" but disabled commonly abused types of raw packet. If anyone has a genuine business application which uses spoofed source raw UDP packets or customised TCP data, I will frankly be disgusted. It is coding of that sort which destroys the IT industry; there are applications for this functionality elsewhere, but there are no real business interface applications which should require such functionality from the protocol stacks.

Functionality comes at the cost of simplicity. Just as you can't accurately measure the position of an electron without affecting its speed; and you cannot make software more feature full, without making it more complex (and for most users therefore harder to use).

If you are using NMAP for local security checks, and XP is your primary desktop OS then I would highly recommend putting your scanner on another system. A large number of the exploits available for less patched versions of Windows will be able to infect your scanning machine as well (via local LAN exploits). Whilst most malware is not sophisticated enough to get in and take out the NMAP logs, the possibility (and thus risk) is there. Use a secure-by-default OS and add limited and carefully veto'd systems to it for your IDS solutions. Cost is not an issue here as many options for the systems in question are free.

On Thu, 12 Aug 2004 08:01:23 -0500, PJ <[EMAIL PROTECTED]> wrote:
> FYI... The current NMAP (Windows) version is now broken when applying SP2.
> MS has disabled the use of RAW packets... Details can be found on
> insecure.org (by Fyodor).
> .... But then NMAP also ran on Win95 which did not support RAW packets - thus
> maybe a patched version will be available in the future.
>
> Before someone says it ... I will. You should be running Linux anyway if
> you want real functionality.
>
> PJ
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
