Raw Socket Access in Windows XP

First, let me explain what raw socket access means. While performing
attacks such as DDoS attacks, you would need to hide your IP address by
spoofing it so that you do not get traced and caught, but IP spoofing
requires root access on Unix systems, so that the attack software can
open a "raw" network socket. Most applications use "cooked" sockets,
where the IP stack provides the necessary packet headers. A raw socket
means that the application must prepare the necessary headers itself.
This permits you to put any information you want in the headers,
including spoofed IP addresses. Note that Windows NT also supports raw
sockets, so this is not just a Unix issue.
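
The header fields that a raw socket lets the application fill in, seen from the network edge (an added example, not part of the original text): the parser decodes an IPv4 header and applies source address validation, the egress filtering an ISP can do, against the prefixes assigned to a link. The hex packets and the 192.0.2.0/24 assignment are constructed samples using documentation address ranges, and the function names are hypothetical.

```python
import ipaddress
import struct

# Constructed 20-byte IPv4 headers (documentation ranges, UDP, no payload).
SAMPLE_IN_PREFIX = bytes.fromhex("450000140001000040118e93c000020ac6336407")      # src 192.0.2.10
SAMPLE_OUT_OF_PREFIX = bytes.fromhex("45000014000100004011146bcb007132c6336407")  # src 203.0.113.50
ASSIGNED = [ipaddress.ip_network("192.0.2.0/24")]  # assumed prefix routed to this customer link

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words; 0 means the stored checksum is valid."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fields a "cooked" socket gets from the IP stack and a raw-socket sender sets itself."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    return {"src": ipaddress.IPv4Address(src), "dst": ipaddress.IPv4Address(dst),
            "ttl": ttl, "proto": proto, "total_len": total_len,
            "checksum_ok": ipv4_checksum(packet[:ihl]) == 0}

def egress_verdict(packet: bytes, assigned) -> str:
    """Source address validation at the edge: forward only sources inside the assigned prefixes."""
    try:
        hdr = parse_ipv4_header(packet)
    except ValueError as exc:
        return f"drop: {exc}"
    if not hdr["checksum_ok"]:
        return "drop: bad header checksum"
    # A valid checksum only shows the header is self-consistent; the sender computes it,
    # so it says nothing about whether the source address is really the sender's.
    if any(hdr["src"] in net for net in assigned):
        return "forward"
    return "drop: source outside assigned prefixes"

if __name__ == "__main__":
    for name, pkt in (("in-prefix", SAMPLE_IN_PREFIX), ("out-of-prefix", SAMPLE_OUT_OF_PREFIX)):
        print(name, parse_ipv4_header(pkt)["src"], "->", egress_verdict(pkt, ASSIGNED))
```

Both sample headers carry a valid checksum; only the comparison against the assigned prefix separates them, which is why the check has to happen where the network knows which addresses belong on the link.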

Such an attack was made on Steve Gibson's company, as some of you may
have heard about a long time ago, by a 13-year-old who goes by the
nickname "Wicked". Gibson was so disturbed by watching his own company
get hit this hard by a 13-year-old that he is now dedicating his life to
fixing this "large and dangerous bug", as he believes it is. He is now
working on a program to find out if your ISP allows you to send spoofed
packets, for the sake of putting ISPs to shame and out of business for a
more secure and reliable Internet. His story on the DDoS attacks on his
site is explained in the link at the bottom of this text.

"When those insecure and maliciously potent Windows XP machines are mated
to high-bandwidth Internet connections, we are going to experience an
escalation of Internet terrorism the likes of which has never been seen
before." - Steve Gibson

There is another very interesting article I came across talking with
Mike Neyman (programmer, my former co-worker). It's a theory about
Microsoft coming out with raw socket access on purpose for bigger plans,
as in taking over the Internet. The link to this article is found at the
bottom of this text.

To briefly summarize this article, it talks about Microsoft making
Windows XP so vulnerable with raw socket access on purpose, so that
script kiddies and hackers will infest these machines so horribly that
neither TCP/IP nor IPX will be safe to run, and a new Internet protocol
will need to be written to save everyone's ass. Supposedly, this
protocol has already been written and is built into Windows XP (but
isn't installed or activated). Once the need for it is that bad and it's
released, Microsoft will have almost full control over the entire
Internet.
Anyway, it's a rather long and very opinionated article, and possibly
worth reading.

Being that my talk is on raw sockets in Windows XP and not raw sockets
alone, I'm going to finish up with my remarks on Windows XP shipping
with raw socket access. Also being my first talk, I have an excuse for
making this a small talk, so I'll start on my conclusion now.

My belief about Microsoft coming out with raw socket support is -
"great for them for coming out of their marketing shell", but the
downside to all of this is if Cringely is right with his theories, then
we are in for hell, and Microsoft still never came out of their
marketing shell. Being the next in line to become a major consumer
Operating System, Windows XP is more public and open for attack against
the usual idiotic consumer buying a computer and could be abused to the
point of getting 50 times more IRC bots for use in DDoS attacks.
Personally I think that being that it is YOUR personal computer, I don't
see why you shouldn't be given the options to do whatever the hell you
want with it though. What I really think is stupid is the fact that
Microsoft has the right to force Windows XP on all new boxes built,
therefore being able to force settings onto users.

-=-=-=-=-=-=-=-=-=-=-=-

• http://grc.com/dos/grcdos.htm - GRC, Steve Gibson Under Attack

• http://www.pbs.org/cringely/pulpit/pulpit20010802.html - PBS Cringely Talk