NMAP is broken under XP SP2

Microsoft removed raw sockets from Windows XP SP2.

Before SP2 they were only available to Administrators and some people argued that with this powerful features Windows XP will be the “denial of service tool of choice for internet hackers everywhere”

There are several network tools that depend on that functionality, e.g. nmap.

I use nmap rather often so this was shocking for me – i gave it a try.

OK – most of the option i normally use still seem to work (i tested version 3.50 and not the newest 3.55). connect scan, stealth scan, version scan and fingerprinting seem to be OK (i also read other statements – but my first impression was good). what is broken are the IDS Evasion options like decoy scan or idle scanning (i think it’s because nmap has to spoof ip addresses whith these kind of scans and that’s were raw socket come into play…)

here’s the official statement from fyodor.

UPDATE: Fellow DevelopMentor instructor Ian Griffiths wrote a nice summary and consclusion about this change.

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s