Raw socket
From Wikipedia, the free encyclopedia
In computer networking, a raw socket is a socket that allows access to packet headers on incoming and outgoing packets. Raw sockets are usually used at the transport or network layers.
Raw sockets usually receive packets with the header included (as opposed to non-raw sockets, which strip the header and deliver just the payload). Whether a header is automatically prepended to outgoing packets is usually a configurable socket option.
Raw sockets are not a programming-language-level construct; they are part of the underlying operating system's networking API. Most socket interfaces (notably the BSD socket interface) support raw sockets.
Controversy
Because raw sockets allow users to craft packet headers themselves, their power can be abused, for example to perform IP address spoofing as part of a denial-of-service attack.
When Windows XP was first released in 2001 with raw socket support implemented in the Winsock interface, the media attacked Microsoft, saying that raw sockets are only of use to hackers to pull off TCP reset attacks. In the summer before the Windows XP release, security consultant Steve Gibson described in detail why raw sockets in Windows XP were a major security issue. The famous "Blaster" Internet worm used XP's raw sockets to attack Microsoft. Three years after the Windows XP release, Microsoft silently crippled Winsock's raw socket support in a non-removable hotfix and offered no further support or workarounds for applications that used them.[1]
See Michael Howard's Web Log for an indication of what's actually allowed in his article 'A little more info on raw sockets and Windows XP SP2'.
Legitimate uses that send UDP datagrams crafted with a source address matching one on the sending interface should work fine.
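The following added example (not part of the original article and not Microsoft's implementation) shows what "header included" means in practice and models the source-address rule mentioned above as a simple egress check. It parses a constructed IPv4/UDP datagram in memory, as a raw socket would deliver it, and contrasts that with the data a non-raw UDP socket would return. The function names, addresses and ports are assumptions made for illustration, and header fields are assumed to be in network byte order as on the wire.

```python
import ipaddress
import struct

def ip_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header (RFC 1071)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_sample(src: str, dst: str, data: bytes) -> bytes:
    """Constructed test input: IPv4 + UDP headers + data, built in memory only."""
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(data), 0) + data  # UDP checksum 0 = unused
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0, 64, 17, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + udp

def parse_raw_datagram(pkt: bytes) -> dict:
    """Split the bytes a raw IPv4 socket delivers into header fields and payload."""
    if len(pkt) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4  # header length field counts 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(pkt):
        raise ValueError("inconsistent version or length fields")
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "ttl": ttl, "protocol": proto, "header_len": ihl,
            "checksum_ok": ip_checksum(pkt[:ihl]) == 0,  # valid header sums to zero
            "payload": pkt[ihl:total_len]}

def udp_data(segment: bytes) -> bytes:
    """What a non-raw UDP socket hands the application: data with headers stripped."""
    if len(segment) < 8:
        raise ValueError("shorter than a UDP header")
    _sport, _dport, length, _csum = struct.unpack("!HHHH", segment[:8])
    if not 8 <= length <= len(segment):
        raise ValueError("inconsistent UDP length field")
    return segment[8:length]

def source_is_local(parsed: dict, interface_addrs: set) -> bool:
    """Egress check (simplified model): is the header's source one of this host's addresses?"""
    return parsed["src"] in interface_addrs

if __name__ == "__main__":
    pkt = build_sample("192.0.2.10", "198.51.100.7", b"hello")  # documentation addresses
    info = parse_raw_datagram(pkt)
    print(info["src"], info["header_len"], info["checksum_ok"], udp_data(info["payload"]))
    print(source_is_local(info, {"192.0.2.10"}), source_is_local(info, {"192.0.2.11"}))
```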
External links
- Net::RawIP, a module for Perl applications. Created by Sergey Kolychev.
- Network Programming for Microsoft Windows (ISBN 0-7356-1579-9)
- Microsoft Tightens the Noose on Raw Sockets