Première page Précédent Suivant Dernière page Résumé Image
Avoiding TCP server hijacking
SO_EXCLUSIVEADDRUSE socket option
- Introduced in Windows NT 4.0 SP4
- " The SO_EXCLUSIVEADDRUSE option prevents other sockets from being forcibly bound to the same address and port, a practice enabled by the SO_REUSEADDR option; such reuse can be executed by malicious applications to disrupt the application "
- Not used by all Microsoft products...
- Example: IIS 5, as seen before
- In W2K
- Used by RPC services listening on TCP/IP or UDP/IP
- Used by SQL Server (1433/tcp)
- Used by NetBT driver (137/udp, 138/udp, 139/tcp, 445/tcp)