Windows XP Widens DDoS Threat?

After a Distributed Denial of Service (DDoS) attack on his Web site, Steve Gibson of Gibson Research Corporation raised concerns that the inclusion of “raw sockets” support in Windows XP will make it easier for hackers to launch untraceable DDoS attacks.

A DDoS attack occurs when a hacker gains access to multiple computers on a network (including the Internet) and, without the users’ knowledge, installs “zombie” programs on them. The hacker then directs these zombies to combine forces and flood a target, such as a Web site, with packets. The packet flood effectively denies legitimate users access to the site.

Raw sockets are a feature of the standard “sockets” networking API, which enable applications to completely control the construction and content of packets. In Windows XP, the built-in Internet Connection Firewall and Internet Protocol Security (IPSec) implementations use raw sockets, as do network diagnostic tools and networked games. Raw socket implementations are already present in Linux, Mac OS X, Unix, and even in previous versions of Windows NT and Windows 2000.