[Snort-users] GRC.com attack and TCP stacks

Jason Robertson jason at ...734...
Sun Jun 24 17:58:55 EDT 2001


Actually WinNT and all versions of Windows after Win95 (though there was 
the Winsock2 update), that allowed for Raw Sockets.

I even have a few spoofers that work on win95/98 (with winsock2).  And 
remember where there is a will there is a way...

Jason

On 22 Jun 2001, at 21:11, Edwin Chiu wrote:

Date sent:      	Fri, 22 Jun 2001 21:11:40 -0400
From:           	Edwin Chiu <Edwin.Chiu at ...1378...>
To:             	galitz at ...247...
Copies to:      	snort-users at lists.sourceforge.net
Subject:        	Re: [Snort-users] GRC.com attack and TCP stacks

> Quoting Galitz <galitz at ...247...>:
> > So, I read the above URL, but I am curious.  Steve
> > states:
> > 
> > 
> >     Microsoft's engineers never fully implemented the complete
> >     "Unix Sockets" specification in any of the previous version
> >     of Windows. 
> > 
> > And goes on to say that a MS Windows pre-2000 or XP box cannot
> > generate spoofed packets without the attacker (or security 
> > auditor) using special device drivers.
> > 
> > My question is... what the heck is he talking about?  Is
> > this true?  Is it not possible to generate spoofed traffic
> > on an NT box using only the OS and no new drivers to be
> > installed?  What missing functionality is being alluded
> > to here?
> 
> I believe he is referring to Raw Sockets, something that is 
> implemented in Winsock 2.0 and available for download for
> all versions of Windows, or 9x/NT. Although I always thought
> NT allowed you to create Raw Sockets.
> 
> Regards,
> Edwin
> 
> 



---
Jason Robertson                
Network Analyst            
jason at ...734...    
http://www.astroadvice.com      



