Raw Sockets. CS-480b, Dick Steflik. Raw Sockets let you program at just above the network (IP) layer. You could program at the IP level using the IP API, but you can’t get at ICMP. Raw Sockets expose ICMP: you get a Raw Packet and populate the entire packet yourself.
Raw Sockets CS-480b Dick Steflik
Raw Sockets
• Raw Sockets let you program at just above the network (IP) layer
• You could program at the IP level using the IP API but you can’t get at ICMP
• Raw Sockets expose ICMP
• you get a Raw Packet and populate the entire packet yourself
• for high level protocols like TCP and UDP you lose all of the functionality implemented in those layers
• choosing to use a Raw Socket must be weighed carefully
• Raw Sockets can be dangerous
• Raw Sockets can be against the law
• http://www.kumite.com/rsnbrgr/rob/grcspoof/cnn/

Limitations
• Loss of Reliability
• No ports
• Non Standard Communications
• No automatic ICMP
• No Raw TCP or UDP
• Must have root (or administrator) privilege

When to use
• When you need to control the IP header
• applications like Ping and Traceroute
• not all fields can be set using the IP APIs
• Network Address Translation
• Firewalls
• When your application requires optimum network speed
• one level above the Link Layer
• if you need reliability, you must build it into your application

Windows and Raw Sockets
• WinSock 2.0 - November 2001
• raw sockets for NT and W2000
• must run as administrator
• Win XP
• Professional - raw socket functionality restricted to administrator users
• same level of access as UNIX / Linux
• but first user created has administrator rights - if this is being used on a home machine most users would be running as administrator all of the time leaving their machine possibly open to being hijacked
• Home - will eventually become the predominant OS
• is not supposed to have raw sockets
• Internet Connection Firewall (ICF) attempt to fix problem
• but only blocks incoming traffic; all outgoing traffic permitted
• hacker can install a trojan horse that installs a zombie that just sits and waits to become part of a DDoS attack on someone

Windows and Raw Sockets
• WinSock 2.0 allows Windows programmers to build advanced applications
• Firewalls
• Network Address Translation
• Packet Filtering
• SYN Flood protection
• Security
• IPSec support
• VPN Clients
• Network Administration
• Packet Sniffers/Analyzers
• Pathway Analyzers (ping and traceroute)

Possible Motives
• With a possible expansion of DDoS attacks
• could make TCP/IP look unstable and undesirable
• MS could be waiting in the wings with a replacement technology to replace TCP/IP (Robert X. Cringely, author)
• proprietary (TCP/MS)
• bad for us; good for MS

Countering Raw Sockets Attacks
• Egress Filtering - verifying that all packets leaving a network are really from that network
• at network edges/borders
• Locking Down Raw Sockets
• Raw Sockets Disabler and Socket Lock have been demonstrated to disable raw sockets usage in host machines where they are installed
• IPv6
• IPv4 is susceptible to address spoofing, IPv6 is not
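
The egress filtering check from the last slide, as an added example that is not part of the original slides: a Python function reads the source address out of a raw IPv4 header and forwards the packet only when that address belongs to the network's own prefixes. The prefixes, function names and sample headers are constructed assumptions.

```python
import ipaddress
import struct

# Assumption: the address blocks assigned to this network (documentation ranges).
LOCAL_PREFIXES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]

def sample_header(src, dst, proto=1):
    """Constructed 20-byte IPv4 header used only as test input (checksum left 0)."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20, 0, 0, 64, proto, 0,
        ipaddress.ip_address(src).packed,
        ipaddress.ip_address(dst).packed,
    )

def egress_verdict(packet, local_prefixes=LOCAL_PREFIXES):
    """Return ("forward" | "drop", reason) for a packet about to leave the network."""
    if len(packet) < 20:
        return ("drop", "truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4:
        return ("drop", "not IPv4")
    if ihl < 5 or len(packet) < ihl * 4:
        return ("drop", "bad header length")
    # Bytes 12..15 of the IPv4 header carry the source address.
    src = ipaddress.ip_address(packet[12:16])
    if any(src in net for net in local_prefixes):
        return ("forward", f"source {src} is local")
    return ("drop", f"source {src} is not from this network")

def audit(packets):
    """Apply the filter to a batch and collect the reasons for every drop."""
    dropped = []
    for pkt in packets:
        verdict, reason = egress_verdict(pkt)
        if verdict == "drop":
            dropped.append(reason)
    return dropped
```

The second prefix is a /25 on purpose: 198.51.100.200 shares the first three octets with a local block but still fails the check, which is the case a loose filter would miss.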