Regarding Windows implementation, it does not appear that SP2 restricts UDP datagrams over raw sockets (except in the case of spoofing). I'll qualify that I haven't seen/tried an implementation yet, but take a look at this:
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk.mspx <snippet> What new functionality is added to [TCP] in Windows XP Service Pack 2? Restricted traffic over raw sockets Detailed description A very small number of Windows applications make use of raw IP sockets, which provide an industry-standard way for applications to create TCP/IP packets with fewer integrity and security checks by the TCP/IP stack. The Windows implementation of TCP/IP still supports receiving traffic on raw IP sockets. However, the ability to send traffic over raw sockets has been restricted in two ways: . TCP data cannot be sent over raw sockets. . UDP datagrams with invalid source addresses cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped. Why is this change important? What threats does it help mitigate? This change limits the ability of malicious code to create distributed denial-of-service attacks and limits the ability to send spoofed packets, which are TCP/IP packets with a forged source IP address. Limited number of simultaneous incomplete outbound TCP connection attempts Detailed description The TCP/IP stack now limits the number of simultaneous incomplete outbound TCP connection attempts. After the limit has been reached, subsequent connection attempts are put in a queue and will be resolved at a fixed rate. Under normal operation, when applications are connecting to available hosts at valid IP addresses, no connection rate-limiting will occur. When it does occur, a new event, with ID 4226, appears in the system's event log. Why is this change important? What threats does it help mitigate? This change helps to limit the speed at which malicious programs, such as viruses and worms, spread to uninfected computers. Malicious programs often attempt to reach uninfected computers by opening simultaneous connections to random IP addresses. Most of these random addresses result in a failed connection, so a burst of such activity on a computer is a signal that it may have been infected by a malicious program. </snippet> According to MSFT, this is the only place where UDP restrictions for raw sockets seem to apply in SP2. I'm sure I'm missing something. . . Travis -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Pankratov Sent: Monday, June 19, 2006 11:26 AM To: Peer-to-peer development. Subject: Re: [p2p-hackers] ICMP tunneling > Alex (pankratov), do you have any experience with Hamachi on this tip? No, not with Hamachi. Implementing ICMP tunneling on Windows requires writing NDIS/IM driver or an equivalent and it is an absolutely royal pain in the butt to support. In other words it is somewhat hard to justify :) Alex Travis Kalanick wrote: > Doing a bunch of traveling recently in Asia (adventures blogged here: > http://blog.redswoosh.net <http://blog.redswoosh.net/>), I've found > myself in many situations where I've had to purchase wireless Internet > access, quite often at double or triple the prices seen in the States. > > > > Before paying however, I am almost always able to do a DNS look-up and > sometimes even ping remote hosts, though normal Internet traffic over > port 80 (and various other ports) is blocked. > > > > It got me to thinking about ICMP tunneling around these wireless "toll > booths" so I could travel Asia and even the states without having to > communicate over those popular ports that cost money to communicate over. > > > > Maybe something could be coded up to tunnel over ICMP to a proxy > server (or proxy peer), that then translates communication back to the > intended protocol and port and forwards communication along. It seems > that at least theoretically, with raw sockets and promiscuous > settings, even on Windows machines, this should be possible. > > > > Anybody have experience with tunneling over this widespread, but often > forgotten protocol and port? Could it also be useful for NAT > traversal in extreme conditions? > > > > Alex (pankratov), do you have any experience with Hamachi on this tip? > > > > T > > > > > > Travis Kalanick > Red Swoosh, Inc. > > Blog - http://blog.redswoosh.net <http://blog.redswoosh.net/> > > High quality video without bandwidth costs! > > www.redswoosh.net > > > > > ---------------------------------------------------------------------- > -- > > _______________________________________________ > p2p-hackers mailing list > [email protected] > http://zgp.org/mailman/listinfo/p2p-hackers > _______________________________________________ > Here is a web page listing P2P Conferences: > http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences _______________________________________________ p2p-hackers mailing list [email protected] http://zgp.org/mailman/listinfo/p2p-hackers _______________________________________________ Here is a web page listing P2P Conferences: http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences _______________________________________________ p2p-hackers mailing list [email protected] http://zgp.org/mailman/listinfo/p2p-hackers _______________________________________________ Here is a web page listing P2P Conferences: http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences
