Thursday 12 August 2004

Nmap, Raw Sockets and Windows XP Service Pack 2

I am not a user of Nmap and the first I heard of it was when Trinity used it in the Matrix to hack into a power grid computer.

However, I am familiar with the concept of Raw Sockets because Steve Gibson made a big fuss over its inclusion in Windows XP back in 2001.

Anyway, there is another bit of a fuss brewing now because Microsoft finally removed Raw Sockets from Windows XP Service Pack 2, and Nmap relies on Raw Sockets to function.

Microsoft removed Raw Sockets from Windows XP SP2 because they believe that only attack tools use raw sockets. However, Raw Sockets is also available in Linux, and other commentators on this issue have pointed out that access to Raw Sockets in Windows XP SP2 can still be re-enabled by writing a suitable device driver that plugs into the NDIS stack and communicates directly with the network card device driver.

Meanwhile, Dana Epp, a security consultant, has an Nmap Patch for Windows XP SP2.

