RE: Raw Sockets in WinXP

From: CJ Oakwood (cj_oakwood@yahoo.com)
Date: 07/27/01

• Previous message: o1o: "RE: Remote Administration on W2K"
• In reply to: Eric R Menendez: "RE: Raw Sockets in WinXP"
• Next in thread: The Psychotic Viper: "RE: Raw Sockets in WinXP (maybe OffTopic?)"
• Reply: The Psychotic Viper: "RE: Raw Sockets in WinXP (maybe OffTopic?)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "CJ Oakwood" <cj_oakwood@yahoo.com>
To: <eMenendez@worldnet.att.net>
Subject: RE: Raw Sockets in WinXP 
Date: Fri, 27 Jul 2001 09:55:53 -0700
Message-ID: <00e301c116bc$ff9879d0$0540a8c0@oakwood.com>

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is incorrect...
Microsoft WindowsXP Home Edition, has 2 types of accounts
Administrator and Limited User.

Every user on the Home Edition will be a limited user, not Admins.
The only time you can access the Admin account, you must boot into
safe mode.
You can never log in as Admin unless you are in Safe Mode (that may
have changed...)

The creation of Raw Sockets comes from the call to function
setsockopt()
Any program can call this function.

As everybody knows, this functionality already exists in Windows
2000.
So when you say "any Trojan on a typical home XP box can spoof
packets" it should say,
"Any Trojan on a typical Windows 2000 or greater can spoof packets."

- -----Original Message-----
From: Eric R Menendez [mailto:eMenendez@worldnet.att.net]
Sent: Thursday, July 26, 2001 18:51
To: 'Jim'; SECURITY-BASICS@SECURITYFOCUS.COM
Subject: RE: Raw Sockets in WinXP

In the professional version of XP, I believe that the only users with
the
rights to create raw sockets are admins. However, the problem occurs
in the
home version, in which the default user is the admin. Therefore, any
trojan on
a typical home XP box can spoof packets.

- -Eric

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
Comment: Go to http://4.60.71.222/public/ for public key

iQA/AwUBO2GdGa+nyPk9PHN7EQIJAACg45bIw7rG+10WZymwxElkSi8Ll00Amwcu
9F39dj7M34m+CseoLaWvq9rn
=5UX5
-----END PGP SIGNATURE-----

_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

---

• Previous message: o1o: "RE: Remote Administration on W2K"
• In reply to: Eric R Menendez: "RE: Raw Sockets in WinXP"
• Next in thread: The Psychotic Viper: "RE: Raw Sockets in WinXP (maybe OffTopic?)"
• Reply: The Psychotic Viper: "RE: Raw Sockets in WinXP (maybe OffTopic?)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Automatic Updates under Limited User account ... > log on as Admin and manually update Windows? ... If you set Automatic Updates to notify before downloading or notify ... offered to the limited user, but as soon as an admin logs on, the AU ... (microsoft.public.windowsxp.security_admin) Re: One machine, one admin, one user - how? ... suggestion I can give, at least on Windows XP, is to setup the Admin ... any program launched normally inherits the limited user ... I am now in the administrators group. ... (alt.os.windows-xp) Re: One machine, one admin, one user - how? ... suggestion I can give, at least on Windows XP, is to setup the Admin ... any program launched normally inherits the limited user ... I am now in the administrators group. ... (alt.os.windows-xp) Runas to open folders and shell objects ... 2)"carlo" limited user ... In Windows XP Home Edition: ... a1) session opened with "carlo": ... a2) session opened with "admin": ... (microsoft.public.windowsxp.general) Re: New possible user ... I'm saying you may be (you don't ... windows exposure, given the right atmosphere (I mentioned that, sociable ... run the apps and is comfortable for the people that admin it. ... (comp.unix.questions)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)