Microsoft States Full TCP/IP Too Dangerous
daria42 writes "To fully implement the TCP/IP protocol in Windows XP would make creating denial of service attacks 'entirely too trivial', Microsoft has claimed. The company was responding to claims by Nmap author and well-known security expert Fyodor that by repeatedly disabling the ability to send TCP/IP packets via the 'raw sockets' avenue, Microsoft was asking the security community to 'pick their poison': either cripple their operating system or leave it open to hackers. Admitting that a recent security patch had intentionally disabled a community-developed workaround to Microsoft's TCP/IP changes - which were first implemented in Windows XP Service Pack 2 - the company claimed it had received little negative feedback on the issue."
To fully implement the TCP/IP protocol in Windows XP would make creating denial of service attacks 'entirely too trivial'
This is because XP is not designed right, not because the TCP/IP protocol is wrong. (just to be clear)
The quote from Fyodor is:
"Pick your poison: Install MS05-019 and cripple your OS, or ignore the hotfix and remain vulnerable to remote code execution and DoS."
It's like... we just... can't... win.
Fyodor goes on to say...
"Nmap has not supported dialup nor any other non-ethernet connections
on Windows since this silly limitation was added. The new TCP
connection limit also substantially degrades connect() scan. Nmap
users should avoid thinking that all platforms are supported equally.
If you have any choice, run Nmap on Linux, Mac OS X, Open/FreeBSD, or
Solaris rather than Windows. Nmap will run faster and more reliably.
Or you can try convincing MS to fix their TCP stack. Good luck with
that."
The answer, my friend, is to drop Microsoft.
Baby, meet bathwater.
The dangers of knowledge trigger emotional distress in human beings.
On UNIX-like systems, creating a RAW socket can only be done by the superuser. Putting a similar restriction on Windows (substitute Administrator for superuser) would provide no benefit, since Windows is designed in such a way that most users run as an Administrator. Depressingly, the RunAs service has been around for many years now, completely eliminating the need to run as an Administrator. Unfortunately, the lack of a decent UI for this service has prevented its widespread use.
I am TheRaven on Soylent News
If they locked down raw sockets and made it available only to administrators or root users, that would solve it.
Gibson points out that other operating systems do this, while Windows doesn't. The problem lies there, not in the inclusion of the raw sockets API.
How do you modify the registry without logging out the local user?
runas /user:Administrator@domain regedit.exe
How do you add printers to the machine without logging out the user?
runas /user:Administrator@domain "C:\program files\internet explorer\iexplore.exe"
Click View, Explorer Bar, go to printers control panel, add printer...
Yes, you're right, there are some things you still can't do using runas, but not many. Be creative.
Maxim: People cannot follow directions.
Increases in truth directly with the length of time spent explaining them
I remember "Steve Gibson" was bashed and debunked for talking about raw sockets in 2000 or 2001.
g eek_developing_winxp_raw/
There is a short audio file from Rob Rosenberg where he repeatedly laughs at his claims.
By the way, wasn't Gibson's site defaced today by Fluffy Bunny?
http://www.farook.org/arc20010701.htm
http://www.vmyths.com/rant.cfm?id=335&page=4
http://www.theregister.co.uk/2001/06/12/security_
and so on. Is there anything new that has happened in the last 4 years?
Because XPSP2 recv Buffers are limited to 8KB.
Every OS has a size for those buffers, you have just discovered the XPSP2 size, congratulations.
Every other OS has a limit on that buffer, and I guess for every OS it is configurable in some way (in Windows there is some remote key in the registry).