Microsoft States Full TCP/IP Too Dangerous
daria42 writes "To fully implement the TCP/IP protocol in Windows XP would make creating denial of service attacks 'entirely too trivial', Microsoft has claimed. The company was responding to claims by Nmap author and well-known security expert Fyodor that by repeatedly disabling the ability to send TCP/IP packets via the 'raw sockets' avenue, Microsoft was asking the security community to 'pick their poison': either cripple their operating system or leave it open to hackers. Admitting that a recent security patch had intentionally disabled a community-developed workaround to Microsoft's TCP/IP changes - which were first implemented in Windows XP Service Pack 2 - the company claimed it had received little negative feedback on the issue."
Baby, meet bathwater. (Score:5, Informative)
This is because XP is not designed right, not because the TCP/IP protocol is wrong. (just to be clear)
The quote [seclists.org] from Fyodor is:
"Pick your poison: Install MS05-019 and cripple your OS, or ignore the hotfix and remain vulnerable to remote code execution and DoS."
It's like... we just... can't... win.
Fyodor goes on to say...
"Nmap has not supported dialup nor any other non-ethernet connections
on Windows since this silly limitation was added. The new TCP
connection limit also substantially degrades connect() scan. Nmap
users should avoid thinking that all platforms are supported equally.
If you have any choice, run Nmap on Linux, Mac OS X, Open/FreeBSD, or
Solaris rather than Windows. Nmap will run faster and more reliably.
Or you can try convincing MS to fix their TCP stack. Good luck with
that."
The answer, my friend, is to drop Microsoft.
Baby, meet bathwater.
I remember... (Score:3, Informative)
Re:A wise decision (Score:5, Informative)
Re:A wise decision (Score:2, Informative)
You must be kidding. The runas service is *nothing* compared to a true multi-user environment. Other than installing software runas is useless. How do you modify the registry without logging out the local user? How do you add printers to the machine without logging out the user?
Runas is a hack to make up for oversights in the OS.
Re:Ulterior motives (Score:5, Informative)
Gibson points out that other operating systems do this, while Windows doesn't. The problem lies there, not in the inclusion of raw sockets API.
Re:A wise decision (Score:5, Informative)
runas
How do you add printers to the machine without logging out the user?
runas
Click View, Explorer Bar, go to printers control panel, add printer...
Yes, you're right, there are some things you still can't do using runas, but not many. Be creative.
Re:Baby, meet bathwater. (Score:5, Informative)
Quoted from there, basically: if you want to use hand-crafted TCP/UDP packets over a raw IP connection, you must enable the Internet Connection Firewall.
At least, this is for SP1, I don't know if you can get away with this in SP2.
Steve "Ahab" Gibson (Score:3, Informative)
Dissecting Steve Gibson GRC DoS Page [grcsucks.com]
Raw Sockets are not a Security Risk [grcsucks.com]
Bloody, I know about too many old flamewars.
Re:So when... (Score:3, Informative)
With Windows sockets, it is imperative to look at the error returned by send() if it fails. If the error is WSAENOBUFS, then it means that the packet you are trying to send is too large and must therefore be reduced. It is possible that the Java implementation doesn't do this.
Here is a snippet of code that is NECESSARY to be able to transfer data reliably on Windows. Please note that while just a single send() will work most of the time, there is no guarantee that it will. Try, for example, sending chunks of 1MB, 8MB, 64MB, 128MB and 256MB and see at what point you get WSAENOBUFS. You may be surprised.
#include <winsock2.h>

/* Send all of Buffer on Socket. On WSAENOBUFS halve the chunk and retry;
 * on a partial send advance past the bytes accepted and continue. */
BOOL SendAll(SOCKET Socket, const char *Buffer, int cbBuffer)
{
    int cbToSend, cbSent;
    while (cbBuffer > 0)
    {
        for (cbToSend = cbBuffer;;)
        {
            cbSent = send(Socket, Buffer, cbToSend, 0);
            if (cbSent >= 0)
            {
                Buffer += cbSent;
                cbBuffer -= cbSent;
                break;
            }
            /* any error other than WSAENOBUFS, or a chunk shrunk to zero: give up */
            else if ((WSAGetLastError() != WSAENOBUFS) || ((cbToSend >>= 1) == 0))
                return FALSE;
        }
    }
    return TRUE;
}
Note that on UNIX you should check errno for ENOBUFS as well, just in case.
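As an added, portable illustration of the halving loop in the comment above (this is not the poster's code): the send call is abstracted behind a function pointer and driven by a constructed fake transport that refuses any chunk larger than a configurable limit with ENOBUFS (the UNIX spelling of Windows' WSAENOBUFS), so the retry behaviour can be watched without a socket. fake_send, send_all and demo_send are hypothetical names and the 64 KiB limit is made up; a real caller would pass a thin wrapper around send() and, on Windows, map WSAGetLastError() == WSAENOBUFS to errno = ENOBUFS.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical send() stand-in so the loop runs on any platform without
 * sockets. Real code would call send(); on Windows the out-of-buffers case is
 * reported as WSAENOBUFS via WSAGetLastError(), on UNIX as errno == ENOBUFS. */
typedef long (*send_fn)(const char *buf, size_t len);

/* Constructed fake transport: any chunk larger than fake_limit fails with
 * ENOBUFS, anything else is accepted whole. Statistics are kept for inspection. */
static size_t fake_limit;
static size_t fake_largest_chunk;   /* largest chunk the fake accepted */
static int    fake_enobufs_hits;    /* how many times the loop had to halve */
static size_t fake_bytes_sent;

static long fake_send(const char *buf, size_t len) {
    (void)buf;
    if (len > fake_limit) {
        fake_enobufs_hits++;
        errno = ENOBUFS;
        return -1;
    }
    if (len > fake_largest_chunk) fake_largest_chunk = len;
    fake_bytes_sent += len;
    return (long)len;
}

/* Fake that fails with an unrelated error, to show the loop gives up. */
static long fake_send_reset(const char *buf, size_t len) {
    (void)buf; (void)len;
    errno = ECONNRESET;
    return -1;
}

/* Send the whole buffer through fn. On ENOBUFS halve the chunk and retry; on a
 * short send advance past the bytes accepted and try the remainder. Returns 1
 * on success, 0 on any other error or once the chunk has shrunk to zero. */
static int send_all(send_fn fn, const char *buf, size_t len) {
    while (len > 0) {
        size_t chunk = len;          /* each round restarts from the full remainder */
        for (;;) {
            long sent = fn(buf, chunk);
            if (sent >= 0) {
                buf += sent;
                len -= (size_t)sent;
                break;
            }
            if (errno != ENOBUFS) return 0;
            chunk >>= 1;
            if (chunk == 0) return 0;
        }
    }
    return 1;
}

/* Push a constructed 1 MiB buffer through send_all with the given fake limit.
 * Returns 1 if every byte was delivered, 0 otherwise; the fake_* globals keep
 * the statistics of the last run. */
int demo_send(size_t limit) {
    static char buf[1024 * 1024];
    memset(buf, 'A', sizeof buf);
    fake_limit = limit;
    fake_largest_chunk = 0;
    fake_enobufs_hits = 0;
    fake_bytes_sent = 0;
    return send_all(fake_send, buf, sizeof buf) && fake_bytes_sent == sizeof buf;
}

/* A non-ENOBUFS failure must not be retried. */
int demo_send_other_error(void) {
    char buf[16] = {0};
    return send_all(fake_send_reset, buf, sizeof buf);
}

int main(void) {
    int ok = demo_send(64 * 1024);
    printf("delivered=%d largest_chunk=%zu enobufs_hits=%d\n",
           ok, fake_largest_chunk, fake_enobufs_hits);
    return ok ? 0 : 1;
}
```

With a 64 KiB limit the loop halves a 1 MiB request four times before the first chunk is accepted, and repeats that from the remaining length on every round; with a limit of zero it shrinks the chunk to nothing and reports failure rather than spinning, which is the exit condition the original snippet's `(cbToSend >>= 1) == 0` test provides.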
Oh my god, this has been debated since 2000 (Score:5, Informative)
There is a short audio file from Rob Rosenberger, where he repeatedly laughs at his claims.
By the way, wasn't Gibson's site defaced today by Fluffy Bunny?
http://www.farook.org/arc20010701.htm [farook.org]
http://www.vmyths.com/rant.cfm?id=335&page=4 [vmyths.com]
http://www.theregister.co.uk/2001/06/12/security_
and so on. Is there anything new that has happened in the last 4 years?
Re:A wise decision (Score:1, Informative)
"su" (or better yet "su -") gives you a root session you can reuse as long as you like.
"sudo" launches only a single command from the CLI
The real difference is that the CLI in *nix-like OSes (especially Linux) is far more powerful and takes less effort.
Sure, you can do almost anything from the CLI even in windows... but where is the documentation about it? Where are the "manpage" equivalents? CLI usage in windows is really obscure stuff.
Often you have to install additional tools to get full functionality (adduser, anyone?)
Besides, the installed programs are NEVER in the system path (since Windows does not have a central repository for executables), so the CLI becomes even less useful. Or more cumbersome: "start c:\program files\ahead\nero\nero.exe" is a tad long, as opposed to, say, "k3b".
Re:MS innovates counter arguments shock!! (Score:3, Informative)
It's also not "vastly more complicated", it's a different interface and *gasp* requires correct code to not blue screen.
Re:So when... (Score:5, Informative)
Every OS has a size for those buffers, you have just discovered the XPSP2 size, congratulations.
Every other OS has a limit on that buffer, and I guess for every OS it is configurable in some way (in Windows there is some remote key in the registry).
Re:Responding to Steve Gibson (Score:4, Informative)
Re:A wise decision (Score:2, Informative)
But this guy [msdn.com] has a blog dedicated completely to the whole non-admin subject, including some utilities to make it easier.
Re:Baby, meet bathwater. (Score:1, Informative)
blocks packets that have a source address that is not valid for the host. This blocks the problem with spoofed source addresses Steve Gibson was talking about.
really? (Score:3, Informative)
In any case, it's funny that you chose Linux - arguably the least secure of the modern Unixes. I'd have entertained a suggestion of Theo, but he'd fail because I'm sure his approach would be "the requirements don't matter, this is how I think it should be done", and then half of the crap customers expect would be broken.
I'm not sure how you read my statement about raw socket support being a bad thing for home users, but the point I was making is that they're not using it, so it doesn't help them, and because of the other factors I outlined, it makes their machines more attractive and more potent for botnet membership.
If its not helping them, and its a risk, then removing it is a good thing, right ?
I don't understand some of your accusations as "bullshit". Are you telling me I'm lying to you? Do you have information that I don't?
I remember the announcement internally that XP Home would run with users = admin and being irate about it. Lots of us were hoping that we'd get it right for XP, but the people upstairs couldn't stomach the amount of appcompat breakage it would cause. As it is, the amount of custom code in the various versions of Windows for 3rd party app support is pretty outlandish. Read Raymond Chen's blog for a glimpse of what he was doing back in the Windows 95 days to help appcompat. Things like this matter when you have 1) an installed base, 2) a bunch of 3rd parties making money off your platform, 3) binary compat as a requirement. Note that Linux has none of these 3 aggravating factors to deal with. (Not anywhere within an order of magnitude of where MS is, at least.)
For what it's worth, I agree that our testing, design, and management are all inadequate. We're just human. As an aside, we're hiring. Are you qualified to help, or just to bitch?
Get Ready for... MS TCP/IP!! (Score:2, Informative)
Linux is looking better and better everyday, even to our management.
Re:Privileges anyone? (Score:3, Informative)
For example, I can run jobprc iexplore -dsid administrators -dprivmax -handles -prclimit 20 -jobmem 64000000 and be assured that a vuln in IE could damage my own profile or stuff that everyone has access to at most (since it still has my user SID enabled). Denying access to my profile breaks tons of apps (they get read-only access to the default user profile instead). Restricting SIDs are very powerful, (closer to a capabilities style system) but tend to break things in all kinds of weird ways.
Anyways, the underlying system is there, but 1. it's hard to get to and use and 2. it's popular to ignore. Yeah, especially UNIX developers vs Windows developers. I find that cross-platform or UNIX software ported to Windows is the best behaved.
Plus, the biggest problem with the NT security model is that it's too complicated for most developers (let alone most users) to bother with. Good old rwx permissions on files are very simple by comparison. An operating system for The People should use something at least as simple.