Raw socket

From Wikipedia, the free encyclopedia

In computer networking, a raw socket is a socket that allows direct access to packet's headers. Due to the fact that raw sockets allow users to craft packets' headers, their power can be abused to perform attacks such as IP address spoofing in hand with denial-of-service.

1 Overview
2 Controversy
3 See also
4 External links

[edit] Overview

Raw sockets are not a programming language-level construct, they are part of the underlying operating system's networking API. Most socket interfaces, especially those based on the Berkeley sockets, support them.

Usually raw sockets receive packets containing the header, as opposed to standard sockets, which receive just the payload with the headers stripped for programmer's convenience. For outgoing packets, whether or not a header is automatically prepended is usually a raw socket's configurable option.

Raw sockets are usually used on the network's transport layer or network layer.

[edit] Controversy

When Windows XP was first released in 2001 with raw socket support implemented into the Winsock interface, the media attacked Microsoft saying that raw sockets are only of use to hackers to pull off TCP reset attacks. In the summer before the Windows XP release, security consultant Steve Gibson described in detail why raw sockets in Windows XP were a major security issue. Three years after the Windows XP release, Microsoft silently limited Winsock's raw socket support in a non-removable hotfix and offered no further support or workarounds for applications that used them.[1] They generally work for legitimate uses, that is, when using UDP datagrams crafted to have a source address that matches one on the sending interface.