----- Message from Fyodor on Wed, 11 Aug 2004 1223 -0700 -----
To: [email protected]
Subject: Windows XP SP2 incompatible with Nmap
This is just a heads-up that most Nmap functionality will not work on
the just-released Microsoft Windows SP2. Why? Microsoft apparently
broke it on purpose! When an Nmap user asked MS why security tools
such as Nmap broke, MS responded:
"We have removed support for TCP sends over RAW sockets in SP2.
We surveyed applications and found the only apps using this on XP were
people writing attack tools."
I don't know why they consider Nmap an "attack tool", particularly
when they recommend it on some of their own pages. Shrug.
Removing SP2 re-enables the functionality and causes Nmap to work
again. Many problems unrelated to Nmap have been found with SP2 as
well, though it does some welcome security improvements for people
stuck on that platform.
I will work on this if I get time, but am currently busy rewriting the
core port scanning engine for the next version of Nmap. It is much
faster, offers much better multiple-host parallelization, and provides
other long-desired features such as completion time estimates. If
someone finds a solution to this SP2 problem, please send a patch. It
may not be too hard, as Nmap supports operating systems such as Win95
that didn't have raw socket support in the first place.
As I recall, Microsoft enabled raw socket access at the unprivileged level in XP and was warned over and over that this was a bad move, security-wise. Steve Gibson has been very vocal all along about this "feature". Looks like Microsoft wised up.