Raw Sockets

1
Raw Sockets
  • CS-480b
  • Dick Steflik

2
Raw Sockets
3
Raw Sockets
  • Raw Sockets let you program at just above the
    network (IP) layer
  • You could program at the IP level using the IP
    API but you can't get at ICMP
  • Raw Sockets expose ICMP
  • you get a Raw Packet and populate the entire
    packet yourself
  • for high level protocols like TCP and UDP you
    lose all of the functionality implemented in
    those layers
  • choosing to use a Raw Socket must be weighed
    carefully
  • Raw Sockets can be dangerous
  • Raw Sockets can be against the law
  • http://www.kumite.com/rsnbrgr/rob/grcspoof/cnn/

4
Limitations
  • Loss of Reliability
  • No ports
  • Non Standard Communications
  • No automatic ICMP
  • No Raw TCP or UDP
  • Must have root (or administrator) privilege

5
When to use
  • When you need to control the IP header
      • applications like Ping and Traceroute
      • not all fields can be set using the IP APIs
      • Network Address Translation
      • Firewalls
  • When your application requires optimum network
    speed
      • one level above the Link Layer
      • if you need reliability, you must build it into
        your application

6
Windows and Raw Sockets
  • WinSock 2.0 - November 2001
      • raw sockets for NT and W2000
      • must run as administrator
  • Win XP
      • Professional - raw socket functionality
        restricted to administrator users
          • same level of access as UNIX / Linux
          • but the first user created has administrator
            rights - on a home machine most users would be
            running as administrator all of the time,
            leaving their machine possibly open to being
            hijacked
      • Home - will eventually become the predominant OS
          • is not supposed to have raw sockets
          • Internet Connection Firewall (ICF) attempts to
            fix the problem
          • but it only blocks incoming traffic; all
            outgoing traffic is permitted
          • a hacker can install a trojan horse that
            installs a zombie that just sits and waits to
            become part of a DDoS attack on someone

7
Windows and Raw Sockets
  • WinSock 2.0 allows Windows programmers to build
    advanced applications
  • Firewalls
      • Network Address Translation
      • Packet Filtering
      • SYN Flood protection
  • Security
      • IPSec support
      • VPN Clients
  • Network Administration
      • Packet Sniffers/Analyzers
      • Pathway Analyzers (ping and traceroute)

8
Possible Motives
  • With a possible expansion of DDoS attacks
      • could make TCP/IP look unstable and undesirable
  • MS could be waiting in the wings with a
    replacement technology to replace TCP/IP (Robert
    X. Cringely, author)
      • proprietary (TCP/MS)
      • bad for us, good for MS

9
Countering Raw Sockets Attacks
  • Egress Filtering - verifying that all packets
    leaving a network are really from that network
      • at network edges/borders
  • Locking Down Raw Sockets
      • Raw Sockets Disabler and Socket Lock have been
        demonstrated to disable raw sockets usage in host
        machines where they are installed
  • IPv6
      • IPv4 is susceptible to address spoofing, IPv6 is
        not
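
The egress-filtering check from the "Countering Raw Sockets Attacks" slide, as an added example that is not part of the original presentation: a raw-socket sender populates every header field itself, so the border compares the source address of each outbound packet with the site's own prefix. The prefix 192.0.2.0/24, the sample addresses and all function names are assumptions made for illustration.

```python
import ipaddress
import struct

# Assumed site prefix (RFC 5737 documentation range); not taken from the slides.
SITE_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]
IPV4_FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options


def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an even number of bytes."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(src: str, dst: str, proto: int = 1, payload_len: int = 8) -> bytes:
    """Constructed sample input: a header filled in field by field, source included."""
    fields = [0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
              ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed]
    fields[7] = checksum(struct.pack(IPV4_FMT, *fields))  # checksum field was 0
    return struct.pack(IPV4_FMT, *fields)


def egress_verdict(packet: bytes, prefixes=SITE_PREFIXES) -> str:
    """Border decision for one outbound packet: 'forward' or 'drop:<reason>'."""
    if len(packet) < 20:
        return "drop:truncated"
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes
    if packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        return "drop:malformed"
    if checksum(packet[:ihl]) != 0:  # a valid header sums to zero
        return "drop:bad-checksum"
    src = ipaddress.ip_address(packet[12:16])
    if not any(src in net for net in prefixes):
        return "drop:source-not-local"  # the source was not assigned to this network
    return "forward"


if __name__ == "__main__":
    for src in ("192.0.2.10", "203.0.113.5"):  # constructed addresses
        print(src, egress_verdict(build_ipv4_header(src, "198.51.100.7")))
```

A well-formed header with a valid checksum still fails the check when its source lies outside the site prefix, which is why the filter has to sit at the network edge rather than rely on the sending host.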