
Re: [OT] raw TCP/IP sockets?



* Mike Pfleger (pfleger@pfleger-precision.com) spake thusly:
> Hello.
> 
> I've included a snippet of an exchange regarding the "raw TCP/IP socket"
> issue that Cringley (IIRC) was talking about in that article from a few
> weeks back.  Could someone please comment on whether I've understood
> this correctly?  I never got a reply to my response.
> 
> >>  With the Berkeley Sockets TCPIP (ie Linux, BSD, Solaris, ...) you can
> >> build a complete IP packet and send it down to the network card
> >> (ethernet) for transmission. You need to be root, but you can do it.
> >> 
> >>  Windows TCPIP currently doesn't allow this. You send the data packet
> >> plus headers for it to assemble and it doesn't allow the user to set
> >> the source IP.
> >> 
> >>  So all those denial of service attacks launched from Windows
> >> machines are traceable from the target. Now enter a world where you
> >> would have to check every upstream router to trace back to the
> >> sources. 
> 
> > So let me see if I understand all of this correctly.  With windoze XP
> > having "raw" TCP/IP sockets (like *nix), but which do _not_ require su
> > privs to access (unlike *nix), any user can spoof IPs?  Thus an app
> > (read worm) can have IP spoofing abilities without needing suid root
> > on execution?
 
That depends. As long as you also understand that 1) _any_ user can 
install Linux, BSD, Solaris on their home box and have r00t on it (and 
thus any user can spoof IPs anyway), and 2) this functionality can be 
added to pre-XP winders by installing a DLL (so a worm/virus could spoof 
IPs, too), yes, you do understand it correctly.

HTH
Dima
-- 
E-mail dmaziuk at bmrb dot wisc dot edu (@work) or at crosswinds dot net (@home)
http://www.bmrb.wisc.edu/descript/gpgkey.dmaziuk.ascii -- GnuPG 1.0.4 public key
One distinguishing characteristic of BOFHen is attention deficit disorder.  
Put me in front of something boring and I can find a near-infinite number 
of really creative ways to bugger off.                                    -- ADB
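What the quoted text means by "build a complete IP packet and send it down to the network card", shown as an added example that is not code from the original thread or from any of its participants. It builds an IPv4 header with a caller-chosen (forged) source address, computes the header checksum, and hands the whole packet to a raw socket with IP_HDRINCL. The socket() call is where the privilege check the mail discusses happens: without root (CAP_NET_RAW on Linux) it fails with EPERM. The addresses, the IP protocol number 253 and the payload are constructed values for illustration; the default destination is loopback so running it does not put a forged packet on the wire.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Minimal IPv4 header (no options). All multi-byte fields are kept in
 * network byte order, which is what Linux expects; classic BSD raw sockets
 * wanted tot_len and frag_off in host order, so check raw(4) on your BSD. */
struct ipv4_hdr {
    uint8_t  vhl;       /* version (high nibble) | header length in words */
    uint8_t  tos;
    uint16_t tot_len;
    uint16_t id;
    uint16_t frag_off;
    uint8_t  ttl;
    uint8_t  protocol;
    uint16_t check;
    uint32_t saddr;
    uint32_t daddr;
};
_Static_assert(sizeof(struct ipv4_hdr) == 20, "IPv4 header must be 20 bytes");

/* RFC 1071 one's-complement checksum. Run over a header whose checksum
 * field is already filled in, it returns 0. */
uint16_t ip_checksum(const void *buf, size_t len)
{
    const uint16_t *p = buf;
    uint32_t sum = 0;
    while (len > 1) { sum += *p++; len -= 2; }
    if (len) sum += *(const uint8_t *)p;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Fill in a header with whatever source address the caller asks for.
 * Nothing here checks that src is an address this host owns: that is
 * exactly the spoofing capability the thread is about. Returns 0, or -1
 * if an address does not parse. */
int build_ipv4_header(struct ipv4_hdr *h, const char *src, const char *dst,
                      uint8_t proto, uint16_t payload_len)
{
    memset(h, 0, sizeof *h);
    h->vhl      = 0x45;                               /* IPv4, 5 words, no options */
    h->tot_len  = htons(sizeof *h + payload_len);
    h->id       = htons(0x1234);                      /* constructed, arbitrary */
    h->frag_off = htons(0x4000);                      /* DF set, offset 0 */
    h->ttl      = 64;
    h->protocol = proto;
    if (inet_pton(AF_INET, src, &h->saddr) != 1) return -1;
    if (inet_pton(AF_INET, dst, &h->daddr) != 1) return -1;
    h->check = ip_checksum(h, sizeof *h);             /* Linux also fills this if 0 */
    return 0;
}

/* Send one IP packet with a forged source. Returns 0 on success, -1 with
 * errno set. The unprivileged failure mode is socket() returning EPERM. */
int send_spoofed(const char *src, const char *dst, const uint8_t *payload, size_t plen)
{
    union { struct ipv4_hdr h; uint8_t raw[sizeof(struct ipv4_hdr) + 1400]; } pkt;
    if (plen > sizeof pkt.raw - sizeof pkt.h) { errno = EMSGSIZE; return -1; }
    if (build_ipv4_header(&pkt.h, src, dst, 253, (uint16_t)plen) != 0) {
        errno = EINVAL;                               /* 253: RFC 3692 experimental */
        return -1;
    }
    memcpy(pkt.raw + sizeof pkt.h, payload, plen);

    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);  /* needs root / CAP_NET_RAW */
    if (fd < 0) return -1;
    int one = 1;
    if (setsockopt(fd, IPPROTO_IP, IP_HDRINCL, &one, sizeof one) < 0) {
        int saved = errno; close(fd); errno = saved; return -1;
    }
    struct sockaddr_in to = { .sin_family = AF_INET, .sin_addr.s_addr = pkt.h.daddr };
    ssize_t n = sendto(fd, pkt.raw, sizeof pkt.h + plen, 0,
                       (struct sockaddr *)&to, sizeof to);
    int saved = errno;
    close(fd);
    errno = saved;
    return n < 0 ? -1 : 0;
}

int main(int argc, char **argv)
{
    const char *src = argc > 1 ? argv[1] : "10.0.0.1";   /* forged source (constructed) */
    const char *dst = argc > 2 ? argv[2] : "127.0.0.1";  /* loopback: stays on this host */
    static const uint8_t payload[] = "constructed example payload";

    if (send_spoofed(src, dst, payload, sizeof payload) == 0)
        printf("sent a packet claiming to be from %s to %s\n", src, dst);
    else if (errno == EPERM)
        printf("socket(SOCK_RAW) refused: root (CAP_NET_RAW on Linux) is required\n");
    else
        perror("send_spoofed");
    return 0;
}
```

Run it as an ordinary user and the socket() call is refused; run it as root (or with CAP_NET_RAW granted to the binary) and the kernel accepts the header as given, forged source and all. That privilege gate is the only thing standing between "any process" and "any source address", which is why Dima's two caveats matter: root on your own box, or a DLL that supplies the same capability on pre-XP Windows, removes it.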
