2.6.5. Windows services and drivers protected against socket hijacking

2.6.5. Windows services and drivers protected against socket hijacking
Prev	2.6. Sockets binding and hijacking	Next

Most Windows 2000 (and later Windows NT versions) network services are protected with the SO_EXCLUSIVEADDRUSE socket option:

All RPC services that use TCP sockets (135/tcp, dynamic TCP ports in range 1025-5000) apparently use the socket option
MS SQL Server 2000 (1433/tcp)

All ports opened by Windows 2000 drivers (and later Windows NT version) correctly set the ShareAccess parameter to 0 when calling ZwCreateFile();

NetBT driver: 137/udp, 138/udp, 139/tcp, 445/tcp
PPTP driver: 1723/tcp

Prev	Up	Next
2.6.4. What happens when SO_EXCLUSIVEADDRUSE is not used?	Home	2.6.6. Global protection against socket hijacking