elmonomalo said:
http://grc.com/dos/winxp.htm
(a readup on why windows xp can be exploited.... hope it helps)
w00t...
grc just has something against XP...
raw sockets have been available in UNIX and Linux since they were first invented...
Network communication happens with network packets.
that's to say that when you read this, the entire post doesn't arrive all at once, it arrives in small chunks that are separated by the server, numbered and then pieced back together by your browser at the other end...
each packet contains a source address and a destination address, and of course the information.
IP spoofing is possible with raw socket access because the network socket *can* be modified, or rather the packet *can* be modified so that the destination address is different.
Denial of service attacks work in a couple of ways,
the first is packet flooding, where a lot of packets are sent at once, every packet has to be sent, then received, then confirmed and acknowledged (google for syn ack), (it's a five part tcp handshake procedure).
flooding the address means that the server doesn't have time to respond to all packets and thus becomes unavailable to people since the packet times out.
this is why some news servers go offline after major events. (like after 911, lots of traffic meant that some news servers were literally offline).
second method.
Forging the packet headers to give a false IP address meant that the five way handshake can never be properly done.
since there is never a reply...
person a sends packet to server A with forged header pointing to person B
SYN?
server a responds to person B
SYNACK?
person B ignores the packet since it didn't send a packet.
server A waits for a response...
there is only enough space for (top of head remembering) 5 packets in the TCP IP stack...
so five spoofed packets bring down the server since the TCPIP stack is full...
the server has to wait until the TTL (time to live) of the packet is expired before it can delete it from the stack...
thus, yes, raw packet access does mean that hosts can be brought down... but blaming microsoft is a stupidly ignorant/uneducated thing to do, especially coming from the supposed security expert that gibson is.
as for how to spoof a packet...
google it. I'm sure you'll find something that fully confuses you more than that did! (if it did).
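
An added example, not part of the post above: a defender-side check that counts half-open handshakes (a SYN that never gets its completing ACK) per listening port, which is the state that piles up in the scenario the post describes. The packet records, addresses, threshold and timeout are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample capture: (time_s, src, sport, dst, dport, tcp_flags).
# Addresses are from documentation ranges; nothing here comes from the post.
SAMPLE = [
    (0.00, "198.51.100.7", 40001, "192.0.2.10", 80, "S"),
    (0.01, "192.0.2.10", 80, "198.51.100.7", 40001, "SA"),
    (0.02, "198.51.100.7", 40001, "192.0.2.10", 80, "A"),  # handshake completes
] + [
    # SYNs whose claimed sources never answer the server's SYN-ACK
    (0.10 + i * 0.01, f"203.0.113.{i + 1}", 50000 + i, "192.0.2.10", 80, "S")
    for i in range(6)
]

def half_open(packets, now, timeout=30.0):
    """Map each listener (dst, dport) to the clients whose SYN is still
    unanswered at time `now` and not yet older than `timeout` seconds."""
    pending = {}  # (src, sport, dst, dport) -> time the SYN was seen
    for t, src, sport, dst, dport, flags in sorted(packets):
        key = (src, sport, dst, dport)
        if flags == "S":
            pending[key] = t
        elif flags in ("A", "R") and key in pending:
            del pending[key]  # completed or reset: no longer half-open
    held = defaultdict(list)
    for (src, sport, dst, dport), t in pending.items():
        if 0 <= now - t <= timeout:  # older entries are assumed to be expired
            held[(dst, dport)].append((src, sport))
    return dict(held)

def flag_listeners(packets, now, threshold=5, timeout=30.0):
    """Listeners holding at least `threshold` half-open handshakes."""
    counts = {l: len(c) for l, c in half_open(packets, now, timeout).items()}
    return {l: n for l, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    print(flag_listeners(SAMPLE, now=1.0))
```

Because each unanswered SYN claims a different source address, the count is kept per listener rather than per source.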