Copy Link
Add to Bookmark
Report
Raw Socket Access in Windows XP
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=
-= Raw Socket Access in Windows XP =-
-= By Tierra =-
-= tierra@phreaker.net =-
-= http://www.2600slc.org =-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
First let me explain what raw socket access means. While performing attacks such
as DDoS attacks, you would need to cover your IP address to not get traced and caught by
spoofing your IP address, but IP spoofing requires root access on Unix systems, so that
the attack software can open a "raw" network socket. Most applications use "cooked"
sockets, where the IP stack provides the necessary packet headers. A raw socket means
that the application must prepare the necessary headers itself. This permits you to put
any information you want in the headers, including spoofed IP addresses. Note that
Windows NT also supports raw sockets, so this is not just a Unix issue.
Such an attack was made on Steve Gibson's company, as some of you may have heard
about a long time ago, by a 13 year old who goes by the nick name "Wicked". Gibson was
so disturbed from watching his own company get hit this hard by a 13 year old, he is now
dedicating his life to fixing this "large and dangerous bug" as he believes it is. He is
now working on a program to find out if your ISP allows you to send spoofed packets, for
the sake of putting ISPs to shame and out of business for a more secure and reliable
Internet. His story on the DDoS attacks on his site is explained in the link at the
bottom of this text.
When those insecure and maliciously potent Windows XP machines are mated to
high-bandwidth Internet connections, we are going to experience an escalation of Internet
terrorism the likes of which has never been seen before." - Steve Gibson
There is another very interesting article I came across talking with Mike Neyman
(programmer, my former co-worker). It's a theory about Microsoft coming out with raw
socket access on purpose for bigger plans, as in taking over the Internet. The link to
this article is found at the bottom of this text.
To briefly summarize this article, it talks about Microsoft making Windows XP so
vulnerable with raw socket access on purpose so that when script kiddies and hackers
infest these machines so horribly that TCP/IP and IPX will neither be safe to run and a
new Internet Protocol needs to be written to save everyone's ass. Supposedly, this
protocol has already been written and is built into Windows XP (but isn't installed or
activated). After the need for it is that bad, and it's released, Microsoft will have
almost full control over the entire Internet. Anyway, it's a rather long and very
opinionated article, and possibly worth reading.
Being that my talk is on raw sockets in Windows XP and not raw sockets alone,
I'm going to finish up with my remarks on Windows XP shipping with raw socket access.
Also being my first talk, I have an excuse for making this a small talk, so I'll start
on my conclusion now.
My beliefs towards Microsoft coming out with raw socket support is - "great for
them for coming out of their marketing shell", but the downside to all of this is if
Cringely is right with his theories, then we are in for hell, and Microsoft still never
came out of their marketing shell. Being the next in line to become a major consumer
Operating System, Windows XP is more public and open for attack against the usual idiotic
consumer buying a computer and could be abused to the point of getting 50 times more IRC
bots for use in DDoS attacks. Personally I think that being that it is YOUR personal
computer, I don't see why you shouldn't be given the options to do whatever the hell you
want with it though. What I really think is stupid is the fact that Microsoft has the
right to force Windows XP on all new boxes built, therefore being able to force settings
onto users.
-=-=-=-=-=-=-=-=-=-=-=-
� http://grc.com/dos/grcdos.htm - GRC, Steve Gibson Under Attack
� http://www.pbs.org/cringely/pulpit/pulpit20010802.html - PBS Cringely Talk
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-
� 2600SLC.ORG 2002
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-