RE: XPSP2 compatability

From: Wozny, Scott (US - New York) (swozny@deloitte.com)
Date: Fri Aug 20 2004 - 12:06:13 EDT


Does anybody else find it funny that when Microsoft produced OSes that
didn't allow sending over raw sockets programmers screamed bloody murder
about the restrictive nature of it (you can code that way in *nix, why
not in Windows)? So MS decided to allow it. If I recall correctly,
some of the InfoSec pundits at the time claimed this was a very
frightening idea because the truly nasty address-spoofing code at the
time only functioned in the *nix world due to Microsoft's 'oppressive'
limitation on the TCP/IP stack. Well Microsoft gave the programmers
what they wanted and for the last 2 or 3 years we've been dealing with
the fallout of the world of 'point-and-click worms' that your
above-average 15 year old on Jolt Cola in his mom's basement can compile
and unleash on the world. Now IT departments the world over have been
screaming bloody murder about this wildly insecure operating system and
Microsoft, pressured by their corporate clients who are their bread and
butter, said they'd work tirelessly to fix this and demonstrate their
commitment to security.

So now, Microsoft is back to saying, "No raw sockets" (amongst other
things). I'm not saying that this is the only security hole in Windows.
But I am saying that, in a way, we kind of asked for this... :) It's
kind of a gun control thing. The raw sockets are not the problem, the
exploits and the bad code are, but the raw sockets allow spoofing within
Windows making the exploit that much easier to propagate with a lesser
programming skill set (i.e. guns don't kill people, people kill people,
but the gun makes it easier to do it than using a toaster). Microsoft
has explicitly made the point that, in their research, raw sockets are
being used for nefarious purposes more often than for noble ones. Right
or wrong, it looks like we're going to have to write around it.

Anybody want to venture a guess as to how many more times this pendulum
is going to swing? :)

Oh, and for the record, I haven't been forced onto SP2 yet. Hopefully,
by the time that happens, someone will have quantified all the
permutations and combinations of XP Service Packs, WinPCap distros and
Ethereal distros that do and don't work together.

Scott

This opinion is my own and does not, necessarily, reflect the opinions
of my employer.

-----Original Message-----
From: Gary everekyan [mailto:karo@onnik.com]
Sent: Tuesday, August 17, 2004 12:42 PM
To: 'Roman Fomichev'; 'Anjin'; pen-test@securityfocus.com
Subject: RE: XPSP2 compatability

Here is a little more detail.
I have been successfully running ethereal version 0913a and winpcap 3.0
under XPSP2.
I have also upgraded and was successful in running ethereal version 0106
and winpcap 3.1beta3 on XPSP2.
HTH

Regards,
 
Gary Everekyan CISSP, CISM, MCSE, MCT
Information Security and Audit
"High achievement always takes place in the framework of high
expectation" -
Jack Kinder

-----Original Message-----
From: Roman Fomichev [mailto:from@e-solutions.lv]
Sent: Tuesday, August 17, 2004 4:52 AM
To: Anjin; pen-test@securityfocus.com
Subject: Re: XPSP2 compatability

I have been using ethereal for years. I have been using XPSP2 since rc1.

No problems.

On Mon, 16 Aug 2004 22:50:32 +0930, Anjin <wildcard@internode.on.net>
wrote:

> Following up on the item from James, it also seems that XPSP2 is
> incompatible with WinPCAP. Both Snort and Ethereal fail with an
> identical error when XPSP2 is installed. Removing the patch solves
> the problem.
>




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:59 EDT