Fyodor isn't talking about rumours; this is the full text of the newsletter, which you can read here: http://seclists.org
Are they rumours?
(Score: 3, Informative) ( http://tangarallo.cjb.net/ )
Let's try to be a bit objective and look at what the link in the story says:
I've heard strong rumours that the upcoming Win-XP SP2 will disable the use of SOCK_RAW sockets for any user (admin included).
Now, looking at the first comment on this rumour (he calls it that himself, not me), we have:
I am beta testing XP SP2 and I think nmap is working okay for me thus far (although I have had horrendous problems with programs that use packet.
Let's see what Big Brother says.
Service Pack [microsoft.com]
What new functionality is added to this feature in Windows XP Service Pack 2?
Restricted traffic over raw sockets
Detailed description
A very small number of Windows applications make use of raw IP sockets, which provide an industry-standard way for applications to create TCP/IP packets with fewer integrity and security checks by the TCP/IP stack. The Windows implementation of TCP/IP still supports receiving traffic on raw IP sockets. However, the ability to send traffic over raw sockets has been restricted in two ways:
TCP data cannot be sent over raw sockets.
UDP datagrams with invalid source addresses cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped.
From my point of view, nothing to object to; am I perhaps forgetting something?
Yes, the very next item in the list of new SP2 features says this, which is the real crux of the matter, quoting Microsoft's own source:
Limited number of simultaneous incomplete outbound TCP connection attempts
Detailed description
The TCP/IP stack now limits the number of simultaneous incomplete outbound TCP connection attempts. After the limit has been reached, subsequent connection attempts are put in a queue and will be resolved at a fixed rate. Under normal operation, when applications are connecting to available hosts at valid IP addresses, no connection rate-limiting will occur. When it does occur, a new event, with ID 4226, appears in the system's event log.
...
What works differently?
This change may cause certain security tools, such as port scanners, to run more slowly.
How could anyone dislike these Microsoft people? They're such jokers.
At least they warn you and give a solution... (this is the punchline :-) )
How do I resolve these issues?
Stop the application that is responsible for the failing connection attempts.
And my question before installing SP2 is:
a) Nmap really does fail.
b) Someone forgot to read one point in MS's feature list.
P.S.: No joking in the final question; I really don't know.
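A simplified model of the connection limit described in the quoted Microsoft text, added here as an example and not part of the original thread. The limit of 10 and the release rate of 10 per second are assumptions, since the quote gives no figures.

```python
import heapq

# Assumed parameters: the quoted Microsoft text gives neither figure.
LIMIT = 10            # simultaneous incomplete outbound attempts allowed
RELEASE_PER_SEC = 10  # fixed rate at which queued attempts are resolved

def simulate(attempts, limit=LIMIT, release_per_sec=RELEASE_PER_SEC):
    """attempts: list of (issue_time, seconds_incomplete).
    Returns (time the last attempt resolves, attempts that were queued).
    Queued attempts are counted as incomplete while they wait."""
    pending = []        # min-heap of times at which attempts stop being incomplete
    next_release = 0.0  # time at which the previous queued attempt was started
    queued = 0
    finish = 0.0
    for issued, duration in sorted(attempts):
        # Drop attempts that completed or timed out before this one was issued.
        while pending and pending[0] <= issued:
            heapq.heappop(pending)
        start = issued
        if len(pending) >= limit:
            # Over the limit: wait in the queue, which drains at a fixed rate.
            queued += 1
            start = max(issued, next_release) + 1.0 / release_per_sec
            next_release = start
        done = start + duration
        heapq.heappush(pending, done)
        finish = max(finish, done)
    return finish, queued

# Constructed workloads.
# Ordinary client: 50 connections, one every 0.1 s, each answered in 0.05 s.
NORMAL = [(i * 0.1, 0.05) for i in range(50)]
# Burst: 200 attempts at t=0 to addresses that never answer (3 s timeout each).
BURST = [(0.0, 3.0) for _ in range(200)]

if __name__ == "__main__":
    for name, load in (("normal", NORMAL), ("burst", BURST)):
        limited = simulate(load)
        unlimited = simulate(load, limit=len(load) + 1)
        print(f"{name}: limited={limited} unlimited={unlimited}")
```

With these assumed figures the ordinary workload is never queued, while the burst to unanswered addresses resolves in about 22 s instead of 3 s, which is the slowdown the quote predicts for port scanners.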
Re: Are they rumours?
(Score: 3, Informative) ( http://www.flickr.com/photos/runlevel0/ | Latest journal entry: Thursday, 01 November 2007, 11:37h )
-----------------------------------------------
This is just a heads-up that most Nmap functionality will not work on
the just-released Microsoft Windows SP2. Why? Microsoft apparently
broke it on purpose! When an Nmap user asked MS why security tools
such as Nmap broke, MS responded[1]:
"We have removed support for TCP sends over RAW sockets in SP2.
We surveyed applications and found the only apps using this on XP were
people writing attack tools."
I don't know why they consider Nmap an "attack tool", particularly
when they recommend it on some of their own pages[2]. Shrug.
Removing SP2 re-enables the functionality and causes Nmap to work
again. Many problems unrelated to Nmap have been found with SP2 as
well[3], though it does some welcome security improvements for people
stuck on that platform.
I will work on this if I get time, but am currently busy rewriting the
core port scanning engine for the next version of Nmap. It is much
faster, offers much better multiple-host parallelization, and provides
other long-desired features such as completion time estimates. If
someone finds a solution to this SP2 problem, please send a patch. It
may not be too hard, as Nmap supports operating systems such as Win95
that didn't have raw socket support in the first place.
Cheers,
Fyodor
[1] http://seclists.org/lists/nmap-dev/2004/Apr-Jun/0077.html
[2] http://www.microsoft.com/serviceproviders/security/tools.asp
[3] http://www.crn.com/sections/breakingnews/breakingnews.jhtml?articleId=23905071
--------------------------------------------------
29A the Number of the Beast