From: jftucker at gmail.com (James Tucker)
Subject: SP2 and NMAP

If you are going to try and bash Microsoft for doing something, maybe
you should at least look at some of the documents surrounding the
reasons for doing it, and then be accurate:
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk.mspx#XSLTsection127121120120
and a documented attack which utilised the Windows raw socket functionality:
http://www.grc.com/dos/drdos.htm

If you read the above Microsoft doc you will see that they have not
"disabled raw packets" but disabled commonly abused types of raw
packet. If anyone has a genuine business application which uses
spoofed source raw UDP packets or customised TCP data, I will frankly
be disgusted. It is coding of that sort which destroys the IT
industry; there are applications for this functionality elsewhere, but
there are no real business interface applications which should require
such functionality from the protocol stacks.

Functionality comes at the cost of simplicity. Just as you can't
accurately measure the position of an electron without affecting its
speed, you cannot make software more feature-full without making
it more complex (and for most users therefore harder to use).

If you are using NMAP for local security checks, and XP is your
primary desktop OS then I would highly recommend putting your scanner
on another system. A large number of the exploits available for less
patched versions of Windows will be able to infect your scanning
machine as well (via local LAN exploits). Whilst most malware is not
sophisticated enough to get in and take out the NMAP logs, the
possibility (and thus risk) is there. Use a secure-by-default OS and
add limited and carefully vetted systems to it for your IDS solutions.
Cost is not an issue here as many options for the systems in question
are free.


On Thu, 12 Aug 2004 08:01:23 -0500, PJ <pj114@...apathdsl.net> wrote:
> FYI... The current NMAP (Windows) version is now broken when applying SP2.
> MS has disabled the use of RAW packets... Details can be found on
> insecure.org (by Fyodor).
> .... But then NMAP also ran on Win95 which did not support RAW packets - thus
> maybe a patched version will be available in the future.
> 
> Before someone says it ... I will.  You should be running Linux anyway if
> you want real functionality.
> 
> PJ
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

