Regarding the ICMP tunneling discussion, ICMP covert channels have been used by security researchers and attackers for at least 10 years. Here's one of the first public reference implementations: http://www.phrack.org/show.php?p=49&a=6 and the actual source code is here http://www.phrack.org/show.php?p=51&a=6
As for the brain-damaged decision to cripple raw socket functionality in Windows XP SP2, the easiest way to circumvent it is to use a device driver and talk directly to it. The most popular option is WinPcap (http://www.winpcap.org/), which requires installing a kernel driver (administrator) and a reboot, but it is quite stable and mature code used by a large number of popular networking and security tools. WinPcap is usually used to capture packets off the wire, but the functionality to inject arbitrary packets is also available using the pcap_sendpacket() function.

-ivan

David Barrett wrote:
> That'd work as well, but what's the latest on raw socket support in XP SP2?
> I seem to recall you need to install a device driver (which requires admin
> privileges and a reboot). Is there any way to do raw sockets on XP SP2 with
> less hassle?
>
> -david
>
>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
>> Behalf Of Sam Gentle
>> Sent: Friday, June 16, 2006 11:31 AM
>> To: Peer-to-peer development.
>> Subject: Re: [p2p-hackers] Measure per-application bandwidth in Win32
>>
>> On 6/16/06, David Barrett <[EMAIL PROTECTED]> wrote:
>>> For example, is there some application like netstat or Sysinternal's
>>> TCPview
>>> that not only shows which connections are currently active (and to which
>>> processes they belong), but how much bandwidth they are actually using?
>> There is a utility called AnalogX PacketMon that serves as a packet
>> sniffer (using win2k/xp's raw sockets) - I realise that's not exactly
>> what you're looking for, but I often use it to get an idea of what's
>> using bandwidth. It might be possible to use a system similar to that
>> to get definite numbers, if those are required.
>>
>> Sam
>> _______________________________________________
>> p2p-hackers mailing list
>> p2p-hackers@zgp.org
>> http://zgp.org/mailman/listinfo/p2p-hackers
>> _______________________________________________

--
"Buy the ticket, take the ride" -HST

Ivan Arce
CTO
CORE SECURITY TECHNOLOGIES
http://www.coresecurity.com

PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A