Necronomikro
join:2005-09-01 | reply to toadlife
Re: hah
"To look into or inquire about curiously, inquisitively, or in a meddlesome fashion: poke, pry. Informal nose (around). Idioms: stick one's nose into. See investigate, participate/abstain."
Define snooping. |
|
toadlife
Premium
join:2004-05-03
Lemoore, CA | reply to Necronomikro
I wasn't talking about sniffing traffic. |
|
Necronomikro
join:2005-09-01
| reply to toadlife
said by toadlife :
All Microsoft did was cripple their network stack of Windows XP and force network admins to use a *nix OS to do their network snooping.
Really? Then how come WINPCAP still works fine on this fully updated box? I can run ethereal just fine... |
|
toadlife
Premium
join:2004-05-03
Lemoore, CA
 ·AT&T Yahoo
| reply to Necronomikro
said by Necronomikro  :Yes, because it was patched! Microsoft patched it after raw sockets were used to DDOS their site. Umm, no. Before RAW sockets were removed, 99% of DoS attacks did not make use of raw sockets. Just because one or two worms used RAW sockets doesn't mean removing it would help stop DoS attacks.
DoS attacks using Windows boxes still happen every day to this day, and they will continue to happen, with or without RAW sockets support
All Microsoft did was cripple their network stack of Windows XP and force network admins to use a *nix OS to do their network snooping.
--
Break yourself from the Windows admin nipple...
»nonadmin.editme.com |
|
Necronomikro
join:2005-09-01
1 edit | reply to toadlife
Yes, because it was patched! Microsoft patched it after raw sockets were used to DDOS their site.
Several years after the release of Windows XP, my predictions for the consequences of making raw sockets available in a mass market consumer operating system (see all the pages below) came to pass. In fact, the famous "MS Blast" Internet worm used XP's raw sockets to attack Microsoft themselves!
Microsoft first began blocking XP's raw socket features with the release of their second XP Service Pack (SP2). Then an April 2005 security patch finished the job by completely killing off raw sockets. This final move caused a great deal of frantic running around and arm waving from fringe factions of the PC industry who still adamantly refuse to "get it". If these folks still don't "get it" they're never going to. But I am very pleased that Microsoft finally did, and does.
See ZDNet Story: Microsoft tries to quell TCP/IP 'danger'
Microsoft absolutely hates "taking back" operating system features, and thus breaking compatibility with applications that were using them. So this could NOT have been an easy or casual thing for them to do. I am sure it was only done after a great deal of thought and careful consideration. And it means that raw sockets in XP really WERE causing the huge amounts of trouble I knew they would. |
|
toadlife
Premium
join:2004-05-03
Lemoore, CA | reply to amungus
Gibson was in no way right. DoS attacks today have little/nothing to do with RAW sockets in Windows XP. |
|
amungus
Premium
join:2004-11-26
America
clubs: | that's a good one. why didn't this guy sue Microsoft when XP was released with raw sockets?
...I still laugh to this day that Gibson was so right...
»www.grc.com/dos/intro.htm |
|
