This means the listening socket was created using SOCK_RAW as opposed to SOCK_STREAM or SOCK_DGRAM. Raw sockets are used for working with ICMP, doing packet sniffing, sending some types of custom TCP packets, etc. Basically anything that isn't UDP or TCP, you'll need a raw socket for.
Historically programs like `ping` and `traceroute` use raw sockets. Using raw sockets requires privilege, which is why those historically have been set-uid on Unix systems.
So is this a vulnerability in specific raw sockets applications (i.e., you could get it right in the application), or a vulnerability in the Windows kernel's TCP/IP stack that is only exploitable when there is a raw sockets application running?
Raw is a protocol type in the socket api allowing the application to send and receive arbitrary packets (e.g. not packets generated by the system's TCP implementation).
Noxwizard|2 years ago
cryptonector|2 years ago
drewcoo|2 years ago
And here they explain that if you use SOCK_RAW, you should look out for bad datagrams:
https://learn.microsoft.com/en-us/windows/win32/winsock/tcp-...
cryptonector|2 years ago
dboreham|2 years ago
MadsRC|2 years ago
Someone1234|2 years ago
A raw socket allows creation/consumption of bespoke packet types (i.e. not Tcp/Udp). In this case ICMP.