Jump to content

Raw socket: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
m WikiCleaner 0.87 - Repairing link to disambiguation page - You can help!
added some of the legit reasons for the existence of this feature
Line 1: Line 1:
In [[computer networking]], a '''raw socket''' is a [[Internet socket|socket]] that allows direct access to [[packet (information technology)|packet]]'s [[header (information technology)|headers]]. Raw sockets allow users to craft packets' headers, and this power can be abused to perform attacks such as [[IP address spoofing]] in hand with [[denial-of-service attack|denial-of-service]].
In [[computer networking]], a '''raw socket''' is a [[Internet socket|socket]] that allows direct access to [[packet (information technology)|packet]]'s [[header (information technology)|headers]]. Raw sockets allow users to craft packets' headers, and this power can be used for good (system monitoring, intrusion detection, etc) or evil (attacks such as [[IP address spoofing]] in hand with [[denial-of-service attack|denial-of-service]]).


== Overview ==
== Overview ==

Revision as of 02:51, 9 March 2009

In computer networking, a raw socket is a socket that allows direct access to packet's headers. Raw sockets allow users to craft packets' headers, and this power can be used for good (system monitoring, intrusion detection, etc) or evil (attacks such as IP address spoofing in hand with denial-of-service).

Overview

Raw sockets are not a programming language-level construct, they are part of the underlying operating system's networking API. Most socket interfaces, especially those based on the Berkeley sockets, support them.

Usually raw sockets receive packets containing the header, as opposed to standard sockets, which receive just the payload with the headers stripped for programmer's convenience. For outgoing packets, whether or not a header is automatically prepended is usually a raw socket's configurable option.

Raw sockets are usually used on the network's transport layer or network layer.

Controversy

When Windows XP was first released in 2001 with raw socket support implemented into the Winsock interface, the media attacked Microsoft saying that raw sockets are only of use to hackers to pull off TCP reset attacks. In the summer before the Windows XP release, security consultant Steve Gibson described in detail why raw sockets in Windows XP were a major security issue. Three years after the Windows XP release, Microsoft silently limited Winsock's raw socket support in a non-removable hotfix and offered no further support or workarounds for applications that used them.[1] They generally work for legitimate uses, that is, when using UDP datagrams crafted to have a source address that matches one on the sending interface.

See also