
Something from the creator of Nmap

Many of us were annoyed last year when Microsoft intentionally broke raw sockets on Windows XP, while leaving the feature enabled in Windows 2003. MS is well known for maintaining the upgrade treadmill by dubious means such as gratuitous file format incompatibilities, but this is a new low. People pay $299.99 for WinXP Pro with working raw sockets, then MS cripples their systems and demands $1019 (WS2003 retail price) to return the functionality. Of course Microsoft claims this change is necessary for security. That is funny, since all of the other major platforms Nmap supports (e.g. Mac OS X, Linux, *BSD) offer raw sockets and yet they haven't become the wasp nest of spambots, worms, and spyware that infest so many Windows boxes.

This takes us back to 1996, when MS released Windows NT 4.0 Workstation with a limit of 10 incoming connections per 10 minutes[1]. They (falsely) claimed this limit was due to substantial technical differences between Workstation and Server, and wasn't just a way to force an $800 upgrade. But at least that was a new product -- MS didn't proactively break existing, working web servers. Soon hackers discovered that the "substantial technical differences" were just a registry key setting. MS backed down and removed the limitation.

Well, they haven't backed down this time! I know that some of you have been avoiding SP2 to keep your system fully functional. MS made a blocking tool available to Enterprises, but they overrode it on April 12 and forced the upgrade through Automatic Update anyway[2]. And now they have quietly snuck the raw sockets restriction in with their latest critical security patch (MS05-019). The loophole that allowed users to defeat the limitation by stopping the ICS service has also been closed by MS05-019. I have appended an informative NTBugtraq post by Robin Keir on this topic. Pick your poison: Install MS05-019 and cripple your OS, or ignore the hotfix and remain vulnerable to remote code execution and DoS.

Nmap has not supported dialup nor any other non-ethernet connections on Windows since this silly limitation was added. The new TCP connection limit also substantially degrades connect() scan. Nmap users should avoid thinking that all platforms are supported equally. If you have any choice, run Nmap on Linux, Mac OS X, Open/FreeBSD, or Solaris rather than Windows. Nmap will run faster and more reliably. Or you can try convincing MS to fix their TCP stack. Good luck with that.

Rant mode off,
-Fyodor