[Snort-users] GRC.com attack and TCP stacks

Edwin Chiu Edwin.Chiu at ...1378...
Fri Jun 22 21:11:40 EDT 2001


Quoting Galitz <galitz at ...247...>:
> So, I read the above URL, but I am curious.  Steve
> states:
> 
> 
>     Microsoft's engineers never fully implemented the complete
>     "Unix Sockets" specification in any of the previous version
>     of Windows. 
> 
> And goes on to say that a MS Windows pre-2000 or XP box cannot
> generate spoofed packets without the attacker (or security 
> auditor) using special device drivers.
> 
> My question is... what the heck is he talking about?  Is
> this true?  Is it not possible to generate spoofed traffic
> on an NT box using only the OS and no new drivers to be
> installed?  What missing functionality is being alluded
> to here?

I believe he is referring to Raw Sockets, something that is 
implemented in Winsock 2.0 and available for download for
all versions of Windows, or 9x/NT. Although I always thought
NT allowed you to create Raw Sockets.

Regards,
Edwin



