Message-ID: <011801c48140$2501edf0$04d4a8c0@backroads.net>
From: niceman at att.net (Mike Nice)
Subject: SP2 and NMAP

> If you read the above Microsoft doc you will see that they have not
> "disabled raw packets" but disabled commonly abused types of raw
> packet.

   While most of XP SP2 properly addresses the real issues - how to keep the
bad guys out, part of SP2 is a feeble attempt to mitigate the effects of
malware after it has arrived.    Re: outbound rate connection queue
limiting - Even without raw sockets, it is trivial to fill the pipe with TCP
SYNs to one or more addresses, albeit with a real source IP.  (Note to MS:
by the time malware has been installed, it's too late; the horse is already
out of the barn!)

  Since the GRC.com attack 2 years ago, even average ISPs put filters in
place to prevent IP address spoofing.  I saw one piece of Windows malware
about 2 years ago that used spoofed source IPs, but none recently.

Re: no TCP outbound raw sockets; this disables functionality like Win32
TCPtraceroute.  Sometimes that is the only way to track network connectivity
issues.   As you note, the only solution is to run a system other than XP
SP2.


