Nmap กับ MS XP SP2

ผมเพิ่งได้อ่านเมล์ฉบับนี้วันนี้เอง ไล่อ่านเมล์เก่าๆ ที่รับไว้ครับ ฉบับนี้ตั้งแต่
เดือน 8 แต่ได้ประโยชน์ดีครับ สำหรับคนที่ใช้ nmap อยู่ ลองอ่านนะครับ จากนาย
Fyodor ผู้เขียน nmap กับการเปลี่ยนแปลงใน TCP stack code ของ XP - SP2

---- (1)

This is just a heads-up that most Nmap functionality will not work on
the just-released Microsoft Windows SP2. Why? Microsoft apparently
broke it on purpose! When an Nmap user asked MS why security tools
such as Nmap broke, MS responded[1]:

“We have removed support for TCP sends over RAW sockets in SP2.
We surveyed applications and found the only apps using this on XP were
people writing attack tools.”

I don’t know why they consider Nmap an “attack tool”, particularly
when they recommend it on some of their own pages[2]. Shrug.
Removing SP2 re-enables the functionality and causes Nmap to work
again. Many problems unrelated to Nmap have been found with SP2 as
well[3], though it does some welcome security improvements for people
stuck on that platform.

I will work on this if I get time, but am currently busy rewriting the
core port scanning engine for the next version of Nmap. It is much
faster, offers much better multiple-host parallelization, and provides
other long-desired features such as completion time estimates. If
someone finds a solution to this SP2 problem, please send a patch. It
may not be too hard, as Nmap supports operating systems such as Win95
that didn’t have raw socket support in the first place.

Cheers,
Fyodor

[1] http://seclists.org/lists/nmap-dev/2004/Apr-Jun/0077.html
[2] http://www.microsoft.com/serviceproviders/security/tools.asp
[3] http://www.crn.com/sections/breakingnews/b…icleId=23905071