karthikbalaguru wrote:
On Jan 5, 4:54 pm, Andrew McLaren wrote:
karthikbalaguru wrote:
I am eager to know the reasons for the raw socket
support in the Winsock interface during the initial
Windows XP release?
http://msdn.microsoft.com/en-us/libr...48(VS.85).aspx
Thx for the link!
As per the link, the ability to send traffic over raw sockets
has been restricted in several ways in new Windows
releases after 'Windows XP with SP2'.
The reasons for the below changes w.r.t. raw sockets
are not clearly mentioned in that link. Any ideas?
1) TCP data cannot be sent over raw sockets.
But why?
2) A call to the bind function with a raw socket is not allowed.
But why? Any ideas?
But the below reason w.r.t. raw socket & UDP datagram
support is clear:
3) UDP datagrams with an invalid source address cannot be sent
over raw sockets. The IP source address for any outgoing UDP
datagram must exist on a network interface or the datagram is
dropped. This change was made to limit the ability of malicious
code to create distributed denial-of-service attacks and limits the
ability to send spoofed packets (TCP/IP packets with a forged
source IP address).
It's all to do with security.
[quote]
Restricted traffic over raw sockets
Detailed description
A very small number of Windows applications make use of raw IP sockets,
which provide an industry-standard way for applications to create TCP/IP
packets with fewer integrity and security checks by the TCP/IP stack.
The Windows implementation of TCP/IP still supports receiving traffic on
raw IP sockets. However, the ability to send traffic over raw sockets
has been restricted in two ways:
* TCP data cannot be sent over raw sockets.
* UDP datagrams with invalid source addresses cannot be sent over raw
sockets. The IP source address for any outgoing UDP datagram must exist
on a network interface or the datagram is dropped.
Why is this change important? What threats does it help mitigate?
This change limits the ability of malicious code to create distributed
denial-of-service attacks and limits the ability to send spoofed
packets, which are TCP/IP packets with a forged source IP address.
[end quote]
http://technet.microsoft.com/en-us/l.../bb457156.aspx
John
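
As an added illustration (not part of the thread and not Microsoft's code), the two send-side rules quoted above can be modelled as a check on one outgoing raw IPv4 packet. The function names, the verdict enum and the 192.0.2.10 interface address are assumptions made for this example, as is the choice to let protocols other than TCP and UDP pass.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical verdicts for this model; not Windows identifiers. */
enum verdict { SEND_OK, DROP_TCP, DROP_SPOOFED_UDP, DROP_MALFORMED };

/* Constructed sample: the only address configured on a local interface. */
static const uint32_t LOCAL_ADDRS[] = { 0xC000020Au /* 192.0.2.10 */ };

/* Fill buf (>= 20 bytes) with a minimal IPv4 header for the demo. */
void build_ipv4(uint8_t *buf, uint8_t proto, uint32_t src)
{
    memset(buf, 0, 20);
    buf[0] = 0x45;              /* version 4, IHL 5 (20 bytes) */
    buf[9] = proto;             /* 6 = TCP, 17 = UDP, 1 = ICMP */
    buf[12] = (uint8_t)(src >> 24); buf[13] = (uint8_t)(src >> 16);
    buf[14] = (uint8_t)(src >> 8);  buf[15] = (uint8_t)src;
}

/* Apply the two quoted rules to one outgoing raw packet. */
enum verdict raw_send_verdict(const uint8_t *pkt, size_t len,
                              const uint32_t *local, size_t nlocal)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return DROP_MALFORMED;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len)
        return DROP_MALFORMED;
    if (pkt[9] == 6)                      /* rule 1: no TCP over raw sockets */
        return DROP_TCP;
    if (pkt[9] != 17)                     /* assumption: other protocols pass */
        return SEND_OK;
    uint32_t src = (uint32_t)pkt[12] << 24 | (uint32_t)pkt[13] << 16 |
                   (uint32_t)pkt[14] << 8 | pkt[15];
    for (size_t i = 0; i < nlocal; i++)   /* rule 2: source must be local */
        if (local[i] == src)
            return SEND_OK;
    return DROP_SPOOFED_UDP;
}

int main(void)
{
    uint8_t p[20];
    build_ipv4(p, 17, 0xC6336407u);       /* UDP from 198.51.100.7 */
    printf("verdict=%d\n", raw_send_verdict(p, sizeof p, LOCAL_ADDRS, 1));
    return 0;
}
```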