Raw socket

In computer networking, a raw socket is a socket that allows direct access to a packet's headers. Because raw sockets let users craft packet headers, they can be abused to perform attacks such as IP address spoofing in combination with denial-of-service.

Overview

Raw sockets are not a programming language-level construct; they are part of the underlying operating system's networking API. Most socket interfaces, especially those based on Berkeley sockets, support them.

Usually raw sockets receive packets containing the header, as opposed to standard sockets, which receive just the payload with the headers stripped for the programmer's convenience. For outgoing packets, whether a header is automatically prepended is usually a configurable option of the raw socket.
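What receiving "packets containing the header" means for the application, as an added example that is not part of the original article: the program has to locate the payload itself from the header-length field and should validate the header before trusting it. The byte string is a constructed sample, and the names `parse_ipv4` and `struct ipv4_view` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample of what a raw socket hands the application: a 20-byte
 * IPv4 header (192.0.2.1 -> 198.51.100.7, documentation addresses), then an
 * 8-byte UDP header and the 2-byte payload "hi". */
static const uint8_t SAMPLE[] = {
    0x45, 0x00, 0x00, 0x1e, 0x00, 0x01, 0x00, 0x00,  /* ver/IHL, total len 30 */
    0x40, 0x11, 0x8e, 0x92, 192, 0, 2, 1,            /* TTL, UDP, checksum, src */
    198, 51, 100, 7,                                 /* dst */
    0x30, 0x39, 0x00, 0x35, 0x00, 0x0a, 0x00, 0x00, 'h', 'i'
};

struct ipv4_view {
    uint8_t protocol;                /* 17 = UDP, 6 = TCP, 1 = ICMP */
    uint8_t src[4], dst[4];
    size_t  header_len, payload_len; /* data after the IP header starts at header_len */
};

/* RFC 1071 checksum over the header; a valid header yields 0. */
static uint16_t header_checksum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)p[i] << 8) | p[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Returns 0 on success, a negative code for a malformed packet. */
int parse_ipv4(const uint8_t *buf, size_t len, struct ipv4_view *out) {
    if (len < 20 || (buf[0] >> 4) != 4) return -1;   /* short or not IPv4 */
    size_t hlen  = (size_t)(buf[0] & 0x0f) * 4;      /* IHL counts 32-bit words */
    size_t total = ((size_t)buf[2] << 8) | buf[3];
    if (hlen < 20 || hlen > len) return -2;          /* bad header length */
    if (total < hlen || total > len) return -3;      /* length field exceeds buffer */
    if (header_checksum(buf, hlen) != 0) return -4;  /* corrupted header */
    out->protocol = buf[9];
    memcpy(out->src, buf + 12, 4);
    memcpy(out->dst, buf + 16, 4);
    out->header_len  = hlen;
    out->payload_len = total - hlen;
    return 0;
}

int main(void) {
    struct ipv4_view v;
    if (parse_ipv4(SAMPLE, sizeof SAMPLE, &v) == 0)
        printf("proto %u, data at offset %zu, %zu bytes\n",
               v.protocol, v.header_len, v.payload_len);
    return 0;
}
```

A standard UDP socket would have delivered only the two bytes `hi`; here they sit at offset `header_len + 8`, after the IP and UDP headers.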

Raw sockets are usually used at the transport layer or the network layer.

Controversy

When Windows XP was first released in 2001 with raw socket support implemented in the Winsock interface, the media attacked Microsoft, saying that raw sockets are only of use to hackers to pull off TCP reset attacks. In the summer before the Windows XP release, security consultant Steve Gibson described in detail why raw sockets in Windows XP were a major security issue. Three years after the Windows XP release, Microsoft silently limited Winsock's raw socket support in a non-removable hotfix and offered no further support or workarounds for applications that used them. [http://www.grc.com/dos/intro.htm] Raw sockets generally still work for legitimate uses, that is, when using UDP datagrams crafted to have a source address that matches one on the sending interface.

See also

* Packet
* Internet Protocol
* Internet protocol suite
* Berkeley sockets
* Internet socket

External links

* [http://security-freak.net/raw-sockets/raw-sockets.html Video Tutorials on Programming with Raw Sockets]
* [http://aspn.activestate.com/ASPN/CodeDoc/Net-RawIP/RawIP.html Net::RawIP; module for Perl applications.] Created by [http://www.ic.al.lg.ua/~ksv/ Sergey Kolychev].
* Network Programming for Microsoft Windows (ISBN 0-7356-1579-9)
* [http://blogs.msdn.com/michael_howard/archive/2004/08/12/213611.aspx A little more info on raw sockets and Windows XP SP2 - Michael Howard's Web Log] an indication of what's actually allowed on Windows.
* [http://seclists.org/nmap-hackers/2005/0004.html Microsoft Tightens the Noose on Raw Sockets]
* [http://www.komodia.com/index.php?page=newtools.html Open source C++ tools to manipulate Raw Sockets and a free Packet Crafter]


Wikimedia Foundation. 2010.
