Slashdot Mirror
Microsoft States Full TCP/IP Too Dangerous
daria42 writes "To fully implement the TCP/IP protocol in Windows XP would make creating denial of service attacks 'entirely too trivial', Microsoft has claimed. The company was responding to claims by Nmap author and well-known security expert Fyodor that by repeatedly disabling the ability to send TCP/IP packets via the 'raw sockets' avenue, Microsoft was asking the security community to 'pick their poison': either cripple their operating system or leave it open to hackers. Admitting that a recent security patch had intentionally disabled a community-developed workaround to Microsoft's TCP/IP changes - which were first implemented in Windows XP Service Pack 2 - the company claimed it had received little negative feedback on the issue."
To fully implement the TCP/IP protocol in Windows XP would make creating denial of service attacks 'entirely too trivial'
This is because XP is not designed right, not because the TCP/IP protocol is wrong. (just to be clear)
The quote from Fyodor is:
"Pick your poison: Install MS05-019 and cripple your OS, or ignore the hotfix and remain vulnerable to remote code execution and DoS."
It's like... we just... can't... win.
Fyodor goes on to say...
"Nmap has not supported dialup nor any other non-ethernet connections
on Windows since this silly limitation was added. The new TCP
connection limit also substantially degrades connect() scan. Nmap
users should avoid thinking that all platforms are supported equally.
If you have any choice, run Nmap on Linux, Mac OS X, Open/FreeBSD, or
Solaris rather than Windows. Nmap will run faster and more reliably.
Or you can try convincing MS to fix their TCP stack. Good luck with
that."
The answer, my friend, is to drop Microsoft.
Baby, meet bathwater.
The dangers of knowledge trigger emotional distress in human beings.
No, Microsoft... none of those support raw sockets. Oh, wait... they all do. The problem is not raw sockets, the problem are the holes in the OS in the first place. If your OS doesn't run services that can be hacked, or if the applications don't allow to execute untrusted code there is no problem. Avoiding raw sockets is treating the symptoms, not the cause.
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
In Redmond, this is what they call a win win.
Luck favors the prepared, darling.
Maybe Microsoft is right. Protocols are dangerous.
Wouldn't it be safer if we all just had a My TCP/IP folder?
Failure Modes and Effects Analysis... I would love to see that done on windows. Maybe find the problem itself rather than work around it and leave the faulires in there. Bad by design.
Evolution or ID?
It isn't "almost crippled."
Ordinary users on Unix are subject to even worse limitations (which is, in fact, why ping among other utilities runs setuid root).
Has anyone found that this makes Unix unusable for them? For that matter, outside of DDoS, connection hijacking, and abusing smtp servers to cover your tracks when spamming, is there ever any need for an application programmer to falsify a source address? Doing so means you won't get a reply from whatever you're trying to do.
All that said, I imagine if MS actually put some effort into fixing the security issues with their flagship product in the first place, so it didn't get hacked (hint: disable activex by default, along with integrated vb scripting in outlook), then there'd be no hacked machines to be used in attacks.
From it:
Food for thought.Avantslash - View Slashdot cleanly on your mobile phone.
I am actually going to side with Microsoft on this one. It is not as if they removed raw sockets, but rather restricted access to them. Let's consider who needs raw sockets, mostly advanced users. Advanced users are going to have an Administrator or root account on the Windows machine and therefore should have access to raw sockets, no? There is almost no reason for the average user to have raw sockets. They do create a real risk of bad network behavior and I imagine if someone were to create TCP/IP today instead of 30 years ago when the Internet was a much smaller, nicer place, raw sockets would not be part of the spec.
As an aside, I think I'm going to take the rest of the day off, agreeing with Microsoft is mentally jarring. It has to make you question existence just a little and also make you a touch ill.
Let's give MS some credit here, I think even they've come to realize that Gibson was right and raw sockets for users was a mistake. The fact of the matter is that they fixed the issue by taking away raw sockets, and now they have to defend that position.
I run Windows 2000 with my "secure" limited TCP/IP stack. My Windows machine has an IP address, subnet mask, gateway, etc. etc. This machine would get virii if I didn't run a virus checker, firewall, etc.
There is one difference between the two scenarios above - the operating system!
Yes, my UNIX-y boxes are subject to attacks from the Internet but not random attacks like viri and worms.
An attack on my UNIX-y boxes comes from a single, person or script trying to get into my box and trying to (probably) buffer overflow a specific application daemon like FTP, Telnet, etc (not that I run either of these on the Internet anyway!)
So let's not blame it on the "TCP/IP" stack because all attacks are as a result of attacking applications that use the stack, not the stack itself.
We'll also remind ourselves here that UNIX was built around TCP/IP 25 years ago whereas MS refused to believe TCP/IP existed until 15 years ago after Windows 3.11 came out and they had to write a limited stack to install into Windows.
Gentoo Linux - another day, another USE flag.
Then again, they have demonstrated a supreme lack of understanding when it comes to security so who knows.
Actually, I think we're seeing the maturation of a "corral the wagons" paranoia in Microsoft's culture. Lacking the ability to push any serious innovation internally (let's be serious, most of Microsoft's innovations during the past 20 years were brought in through acquisitions or copycat development ala VMS for NT, liberal borrowing from OS/2, Apple and Mach, etc). Now that antitrust severely limits acquisition growth, Microsoft is facing the same threat that broke Worldcom. Unable to make significant acquisitions, unable to meet growth internally, and now unable to cook the books like Worldcom, Microsoft's certain to get very defensive as the pressures heat up.
I thought I saw the beginnings of this phenomenon in 1998 at the IPv6 summit, where Microsoft's techs at the conference were explaining their implementation at first with great pride, only to be somewhat ashamed at how much they hadn't followed the specification very well, had numerous bugs and compatibility issues, and were clearly well behind everyone else. Nearly every other operating system had a much more mature implementation. (How long did that IPv6 stack remain a beta too?)
Amazingly, Microsoft is now attempting to patent IPv6 through a copy-cat specification (as was discussed on slashdot). Somehow it's not amusing when the kid who was not very successful in his participation in the group assignment decides to take exclusive credit for the group's effort.
So now Microsoft is blaming IPv4's engineering (when just like IPv6, everyone else seemed to understand and master the assignment EXCEPT Microsoft)?
As a teacher of mine once said to perpetual underachievers in class: Perhaps you might consider a career in food service instead?
I wrote an article about a very serious problem related to Windows Server 2003 TCP/IP.
Here's a quote : "Trying to set up a Windows Media streaming server to stream high-quality videos, I came across what I can now call a TCP/IP bug in Windows Server 2003 (Standard Edition). In some (not unusual) situations, the server simply cannot use all available bandwidth between itself and the client.
[...]
Eventually, I came to accept the idea that Windows Server 2003, an OS designed for server tasks, is not able to fill a 2Mbit/s ADSL connection. Yes I know it sounds incredible but I've been looking without success for another conclusion for the past 3 months."
Read the full technical explanation and see what Microsoft has to say about it : Microsoft Windows Server 2003 Buggy TCP/IP ?
Except everyony does their daily work signed on as administrator (by everone I mean the majority of average users). Maybe a desktop OS for the masses *should* be crippled in some ways, to protect people from themselves. And people who need a full featured OS can use something else (a seperate version of Windows, or whatever).
Why are you relying on such things? A TCP conection is a continuous stream of bytes, not a bunch of separate packets. There has never been any guarantee that send()s and recv()s would match up 1:1, even if they are less that 8k. If you are relying on this behavior, you need to fix your design.
Yes, the path becomes clear...
Abandon the industry standard for VMs (Java) and roll your own (.Net).
Abandon the industry standard for portable documents (PDF) and roll your own (Metro).
Abandon the industry standard for networking (TCP/IP) and roll your own (???).
Each sounds more improbable than the last. Yet the first one has happened, the second is going to happen, and thus the third seems much less improbable than it would have otherwise.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The brain damaged part has nothing to do with TCP/IP, because their implementation has nothing to do with security.
Seriously? You really think it's their brain damaged TCP/IP implementation that's at fault? Think again. It may be bad, but giving every program access to raw sockets is a bit silly considering how easy it is to get programs into Windows. But this is a good move, a better one would to have been to make it so it's not as simple to get untrusted programs running in Windows but I digress.
The various BSD flavours support raw sockets. So does Solaris, and even Linux for that matter.
.....
The difference with the Unix-like systems is that ordinary users don't get to poke about with dangerous stuff.
The real point is that Windows software has for too long depended on the assumption that the user has full unfettered access to every resource on the computer -- an assumption which had to cease to be true when Windows became network-aware, because in a networked environment some things are properly restricted. Yet for the best part of ten years, Windows continued to run without privilege separation; and application programmers took advantage of that, creating code which turned out to be fundamentally broken.
Face it, the bathwater is minging and the baby is dead -- there is nothing worth saving in the whole sorry mess. Whether bad water killed the baby, the dead baby made the water worse, or the two are unconnected, isn't really important right now. What is important is to get rid of them both, scrub out the bathtub and start again.
Of course, if you're going to switch to a new version of Windows -- which would have to be totally incompatible with all that sloppily-written software needing root access for no good reason -- then that would be about as big a change as switching to some other operating system. That must worry Microsoft
Je fume. Tu fumes. Nous fûmes!
Because XPSP2 recv Buffers are limited to 8KB.
Every OS has a size for those buffers, you have just discovered the XPSP2 size, congratulations.
Every other OS has a limit on that buffer, and I guess for every OS it is configurable in some way (in Windows there is some remote key in the registry).
I work for a company that sells a high-end network security scanning product. We have been dealing with this XP issue now for almost 2 years, and we are not the only ones who have complained to Microsoft. We have pushed our complaints as far through the channels as we can. Microsoft isn't listening.
Their response is: buy Windows Server 2003 if you want raw sockets. We asked them if there was any guarantee that they would not break the raw sockets feature in 2003, and they would not give us that guarantee. Besides, Windows Server 2003 ships with a lot of stuff we would have to disable to make the box even remotely secure.
Our CEO even registered a complaint with Microsoft, saying "We pay to use your software and you are hurting our business and hurting our customers and costing us money with this change. And you have heard our complaints and you are ignoring them." Microsoft responded that they would pass our criticism up the chain, and that's the last we heard.
That's why it irritates me to read in the article that Microsoft has had "little negative feedback" on this issue. I'm sure we're not the only paying customer of Microsoft that has been affected. And they are not telling the truth when they say that "the only thing affected by this change is fingerprinting software": port scanning is affected too.
So we have started recommending that our customers use the Linux version of our product. Now Microsoft is losing hundreds of thousands of dollars of revenue per quarter just from our company.