From: karthikbalaguru on 5 Jan 2010 13:51

Hi,

Is there any version of Linux that applies such restrictions on traffic over raw sockets?

In Windows, the releases after Windows XP with SP2 have the ability to send traffic over raw sockets, but it has been restricted in two ways:

1. TCP data cannot be sent over raw sockets.
2. UDP datagrams with invalid source addresses cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped.

Any ideas?

Thx in advance,
Karthik Balaguru
From: David Schwartz on 5 Jan 2010 16:16

On Jan 5, 10:51 am, karthikbalaguru <karthikbalagur...(a)gmail.com> wrote:

> Is there any version of Linux that applies such
> restrictions on traffic over raw sockets?
> In Windows, the releases after Windows XP
> with SP2 have the ability to send traffic over
> raw sockets but it has been restricted in two ways:
> 1. TCP data cannot be sent over raw sockets.
> 2. UDP datagrams with invalid source addresses
> cannot be sent over raw sockets. The IP source
> address for any outgoing UDP datagram must exist
> on a network interface or the datagram is dropped.
> Any ideas?

Simply don't send those kinds of packets if you don't want to. A restriction imposed by and on the same entity is a joke. The root user would be able to disable those restrictions, and only the root user can create and use raw sockets.

DS
From: Burkhard Ott on 5 Jan 2010 16:35

On Tue, 05 Jan 2010 10:51:37 -0800, karthikbalaguru wrote:

> Hi,
>
> Is there any version of Linux that applies such restrictions on traffic
> over raw sockets?
>
> In Windows, the releases after Windows XP with SP2 have the ability to
> send traffic over raw sockets but it has been restricted in two ways: 1.
> TCP data cannot be sent over raw sockets. 2. UDP datagrams with invalid
> source addresses cannot be sent over raw sockets. The IP source address
> for any outgoing UDP datagram must exist on a network interface or the
> datagram is dropped.

That would need a restriction at kernel level, since root can create raw sockets for all protocols.

cheers
From: David Brown on 6 Jan 2010 02:54

karthikbalaguru wrote:

> Hi,
>
> Is there any version of Linux that applies such
> restrictions on traffic over raw sockets?
>
> In Windows, the releases after Windows XP
> with SP2 have the ability to send traffic over
> raw sockets but it has been restricted in two ways:
> 1. TCP data cannot be sent over raw sockets.
> 2. UDP datagrams with invalid source addresses
> cannot be sent over raw sockets. The IP source
> address for any outgoing UDP datagram must exist
> on a network interface or the datagram is dropped.
>
> Any ideas?
>

Why would you want to make such restrictions?

It is understandable in Windows - this is to limit malware which might send such packets for spoofing. Since there is no effective user permission system in Windows (any malware program will run with "root" privileges), and almost no legitimate use for sending raw packets in Windows, restricting such packets makes sense.

In Linux, however, malware is a rarity, and it's hard (though not impossible) for a rogue program to get root privileges. And raw sockets, address spoofing, and other low-level networking features /are/ useful in Linux systems for testing or for complex network setups.
From: Maxwell Lol on 6 Jan 2010 08:00

karthikbalaguru <karthikbalaguru79(a)gmail.com> writes:

> Hi,
>
> Is there any version of Linux that applies such
> restrictions on traffic over raw sockets?

Not really. Even if a machine has a restricted OS, I could boot up on a USB drive and run a kernel that allowed raw IP packets. So what's the point?

If you want to add restrictions like this, add it to all of your network firewalls. You can have tools that can monitor anomalies, such as MAC address spoofing, OS fingerprinting changes, IP address changes, etc.
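As an added example (not code from any poster in this thread): the Linux counterpart of the Windows restriction is the kernel's CAP_NET_RAW check on raw-socket creation, so the useful defender-side check is which processes hold that capability. This script assumes a Linux /proc layout and uses no third-party modules; it parses the CapEff field of /proc/<pid>/status, lists processes able to open raw sockets, and reports whether the current process can (without sending anything).

```python
import os
import socket

# CAP_NET_RAW is bit 13 of the Linux capability bitmask (linux/capability.h);
# the kernel checks it on raw-socket creation, hence "only root" in the thread.
CAP_NET_RAW = 13

def parse_cap_eff(status_text):
    """Return the effective capability bitmask from /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split(":", 1)[1].strip(), 16)
    raise ValueError("no CapEff line in status text")

def has_cap_net_raw(status_text):
    """True if the effective set in status_text includes CAP_NET_RAW."""
    return bool((parse_cap_eff(status_text) >> CAP_NET_RAW) & 1)

def processes_with_cap_net_raw(proc_root="/proc"):
    """Audit: list (pid, name) of processes able to open raw sockets.
    Returns [] if proc_root is not a readable Linux procfs."""
    found = []
    try:
        entries = os.listdir(proc_root)
    except OSError:
        return found
    for entry in entries:
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "status")) as f:
                text = f.read()
            if not has_cap_net_raw(text):
                continue
        except (OSError, ValueError):
            continue  # process exited, unreadable, or no CapEff line
        name = next((l.split(":", 1)[1].strip() for l in text.splitlines()
                     if l.startswith("Name:")), "?")
        found.append((int(entry), name))
    return found

def raw_socket_errno(proto=socket.IPPROTO_UDP):
    """Try to open an IPv4 raw socket (nothing is sent). Returns 0 if the
    kernel allowed it, else the errno (EPERM on Linux without CAP_NET_RAW)."""
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, proto)
    except OSError as exc:
        return exc.errno
    sock.close()
    return 0
```

Run `processes_with_cap_net_raw()` as root to see every process that could emit hand-built packets; an unprivileged `raw_socket_errno()` returns EPERM, which is the whole of the restriction Linux applies.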