[OT] raw TCP/IP sockets?
Hello.
I've included a snippet of an exchange regarding the "raw TCP/IP socket"
issue that Cringley (IIRC) was talking about in that article from a few
weeks back. Could someone please comment on whether I've understood
this correctly? I never got a reply to my response.
>> With the Berkeley Sockets TCPIP (i.e. Linux, BSD, Solaris, ...) you can
>> build a complete IP packet and send it down to the network card
>> (ethernet) for transmission. You need to be root, but you can do it.
>>
>> Windows TCPIP currently doesn't allow this. You send the data packet
>> plus headers for it to assemble and it doesn't allow the user to set
>> the source IP.
>>
>> So all those denial of service attacks launched from Windows
>> machines are traceable from the target. Now enter a world where you
>> would have to check every upstream router to trace back to the
>> sources.
> So let me see if I understand all of this correctly. With windoze XP
> having "raw" TCP/IP sockets (like *nix), but which do _not_ require su
> privs to access (unlike *nix), any user can spoof IPs? Thus an app
> (read worm) can have IP spoofing abilities without needing suid root
> on execution?
TIA,
Mike Pfleger
There's seventy brilliant people on earth.
Where are they hiding?
"Yashar" -Cabaret Voltaire (off of "2x45")
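Added example (not part of the original post or the quoted exchange): a short Python sketch of why a forged source address cannot be detected from the packet itself, which is the reason the quoted text says tracing would require checking upstream routers. The addresses are constructed documentation-range values, and the `edge_prefix` check is an assumption about what a router at the sender's edge could verify.

```python
import ipaddress
import struct

HDR = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def sample_header(src: str, dst: str, payload_len: int = 0) -> bytes:
    """Constructed sample header (protocol 6 = TCP, TTL 64); never sent."""
    fields = [0x45, 0, 20 + payload_len, 0, 0, 64, 6, 0,
              ipaddress.IPv4Address(src).packed,
              ipaddress.IPv4Address(dst).packed]
    fields[7] = ipv4_checksum(struct.pack(HDR, *fields))
    return struct.pack(HDR, *fields)


def inspect(header: bytes, edge_prefix: str) -> dict:
    """What can be learned from the header alone, and at the sender's edge."""
    src = ipaddress.IPv4Address(header[12:16])
    return {
        "src": str(src),
        # A valid checksum means "not corrupted", not "source is genuine".
        "checksum_ok": ipv4_checksum(header[:20]) == 0,
        # Only a router that knows which prefix sits behind the link
        # (assumed here) can see that the source field does not belong.
        "passes_ingress_filter": src in ipaddress.IPv4Network(edge_prefix),
    }


if __name__ == "__main__":
    edge = "192.0.2.0/24"  # constructed: prefix assigned to the sender's link
    for source in ("192.0.2.10", "198.51.100.77"):
        print(inspect(sample_header(source, "203.0.113.5"), edge))
```

Both headers validate at the destination; only the check against the sender's own prefix distinguishes them.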