Hello. I've included a snippet of an exchange regarding the "raw TCP/IP socket" issue that Cringley (IIRC) was talking about in that article from a few weeks back. Could someone please comment on whether I've understood this correctly? I never got a reply to my response.
>> With the Berkeley Sockets TCPIP (ie Linux, BSD, Solaris, ...) you can
>> build a complete IP packet and send it down to the network card
>> (ethernet) for transmission. You need to be root, but you can do it.
>>
>> Windows TCPIP currently doesn't allow this. You send the data packet
>> plus headers for it to assemble and it doesn't allow the user to set
>> the source IP.
>>
>> So all those denial of service attacks launched from Windows
>> machines are traceable from the target. Now enter a world where you
>> would have to check every upstream router to trace back to the
>> sources.

> So let me see if I understand all of this correctly. With windoze XP
> having "raw" TCP/IP sockets (like *nix), but which do _not_ require su
> privs to access (unlike *nix), any user can spoof IPs? Thus an app
> (read worm) can have IP spoofing abilities without needing suid root
> on execution?

TIA,
Mike Pfleger

There's seventy brilliant people on earth. Where are they hiding?
"Yashar" -Cabaret Voltaire (off of "2x45")
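[Editor's added example; this is not part of Mike's post or of the quoted reply. It shows concretely what "build a complete IP packet and send it down" means on a Berkeley-sockets system: a SOCK_RAW socket with the IP_HDRINCL option, where the caller supplies the whole IPv4 header, source address included. The privilege check the reply describes is the socket() call itself: run as an ordinary user it fails with EPERM (on Linux the requirement is root or CAP_NET_RAW). The addresses, ID value and payload are constructed placeholders from the RFC 5737 documentation ranges; the function and struct names are my own.]

```c
/* Added example: raw IPv4 sending with IP_HDRINCL on Berkeley sockets.
 * Not from the original post. Addresses/ID/payload are constructed. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

/* Minimal IPv4 header, laid out byte-for-byte as it goes on the wire
 * (own definition, so no reliance on struct ip / struct iphdr). */
struct ipv4_hdr {
    uint8_t  ver_ihl;    /* version (high nibble) | header length in 32-bit words */
    uint8_t  tos;
    uint16_t total_len;  /* network byte order */
    uint16_t id;
    uint16_t frag_off;
    uint8_t  ttl;
    uint8_t  proto;
    uint16_t checksum;   /* one's-complement sum of the header; zero while computing */
    uint32_t src;        /* network byte order: caller-chosen, i.e. spoofable */
    uint32_t dst;
} __attribute__((packed));

/* RFC 1071 one's-complement checksum. Run over a header whose checksum
 * field is already filled in, it returns 0, which is how we verify it. */
uint16_t ip_checksum(const void *data, size_t len) {
    const uint8_t *p = data;
    uint32_t sum = 0;
    while (len > 1) {
        sum += (uint32_t)p[0] << 8 | p[1];
        p += 2;
        len -= 2;
    }
    if (len)
        sum += (uint32_t)p[0] << 8;
    while (sum >> 16)
        sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Fill in a header with a caller-chosen source address. Returns the total
 * packet length in bytes, or -1 if an address does not parse. */
int build_ipv4_header(struct ipv4_hdr *h, const char *src, const char *dst,
                      uint8_t proto, uint16_t payload_len) {
    struct in_addr s, d;
    if (inet_pton(AF_INET, src, &s) != 1 || inet_pton(AF_INET, dst, &d) != 1)
        return -1;
    memset(h, 0, sizeof *h);
    h->ver_ihl   = (4 << 4) | (sizeof *h / 4);      /* 0x45 */
    h->total_len = htons((uint16_t)(sizeof *h + payload_len));
    h->id        = htons(0x1234);                    /* constructed value */
    h->ttl       = 64;
    h->proto     = proto;
    h->src       = s.s_addr;                         /* nothing stops this being a lie */
    h->dst       = d.s_addr;
    h->checksum  = htons(ip_checksum(h, sizeof *h));
    return (int)(sizeof *h + payload_len);
}

/* Build a header and confirm its stored checksum verifies.
 * Returns the packet length, or -1 on a bad address or checksum. */
int build_and_verify(struct ipv4_hdr *h, const char *src, const char *dst,
                     uint8_t proto, uint16_t payload_len) {
    int len = build_ipv4_header(h, src, dst, proto, payload_len);
    if (len < 0 || ip_checksum(h, sizeof *h) != 0)
        return -1;
    return len;
}

/* Open the raw socket IP_HDRINCL sending needs. Returns 0 and sets *fd_out
 * on success, otherwise the errno (EPERM/EACCES for an unprivileged user). */
int open_raw_socket(int *fd_out) {
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
    if (fd < 0)
        return errno;
    int one = 1;
    if (setsockopt(fd, IPPROTO_IP, IP_HDRINCL, &one, sizeof one) < 0) {
        int e = errno;
        close(fd);
        return e;
    }
    *fd_out = fd;
    return 0;
}

int main(void) {
    struct { struct ipv4_hdr h; uint8_t payload[8]; } __attribute__((packed)) pkt;
    memset(pkt.payload, 0xAB, sizeof pkt.payload);   /* constructed payload */
    /* Constructed addresses from the RFC 5737 documentation ranges. */
    int len = build_and_verify(&pkt.h, "192.0.2.1", "198.51.100.7", IPPROTO_UDP,
                               sizeof pkt.payload);
    if (len < 0) {
        fprintf(stderr, "header build failed\n");
        return 1;
    }
    int fd, err = open_raw_socket(&fd);
    if (err) {
        /* This is the root check the reply refers to. */
        fprintf(stderr, "raw socket unavailable: %s\n", strerror(err));
        return 1;
    }
    struct sockaddr_in to = { .sin_family = AF_INET, .sin_addr.s_addr = pkt.h.dst };
    if (sendto(fd, &pkt, (size_t)len, 0, (struct sockaddr *)&to, sizeof to) < 0)
        perror("sendto");
    close(fd);
    return 0;
}
```

Run it as a normal user and the program stops at "raw socket unavailable: Operation not permitted", which is the whole point of the quoted reply: on these systems the spoofing capability is gated by the privilege needed to open the socket, not by the stack refusing a forged source field.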