as far as i know, the packets on the receiving end are no different. the
difference is on the sending end. it revolves around raw sockets being able
to have information spoofed before they get sent out. normally, the TCP stack
will fill in things like the sending IP etc, but raw sockets allow a bad guy
to more easily build his own tcp/ip compliant packet containing bogus sending
IP information.

but on the receiving end, the packet still complies with the tcp format. it
just could have some bogus information in it leading you to believe the
packet came from somewhere it didn't.

btw, linux/unix and mac os X have raw socket support.

so, someone correct me if i am wrong, but it really shouldn't make any
difference to your firewall whether is was sent from a machine utilizing raw
sockets or not. it just allows the less technical hacker or perhaps script
kiddie to cause chaos more easily.

moose.

On February 26, 2002 02:40 am, you wrote:
> Hi,
>
> Just a quick question about those in the know about Windoze raw sockets and
> firewalls. I've asked several firewall suppliers (Tiny, etc) how their
> products cope with raw sockets, i.e. whether the firewall covers only the
> TCP/IP stack or whether they make some attempt to protect against raw
> socket accesses, too. None of them are forthcoming on this issue which only
> leads me to think that they do not protect and that you are quite exposed
> on a raw socket system, in terms of trojans/spyware/etc even with such a
> firewall (ok, yes, you are exposed anyway as it is not difficult to send
> data out via browsers and such like but that is another issue).
>
> Anyone have any comments on this subject, preferably minus ones involving
> "switch to Linux/*nix" ;-)?
>
> Regards,
> Dan
>
> --
> http://www.piclist.com hint: PICList Posts must start with ONE topic:
> [PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads