Re: Bind to specify sending NIC on multi-homed computer



Koji Ishii wrote:
> I found that even if I bind a socket to a local address, packets can
> go out from the other NIC. From the last paragraph of this KB:
> http://support.microsoft.com/kb/175396
> it looks like this is by design.
>
> But my question is why.

This has been discussed multiple times in this forum. You may want to google
for details. The last thread I can remember was
http://groups.google.com/group/microsoft.public.win32.programmer.networks/browse_frm/thread/55e9fb74664a553c/aac1ef670dc099d3#aac1ef670dc099d3

> * Bind() is used to be used when dev wants to use a specific NIC. This
> design breaks developers' expectations by experiences.

The expectations are mostly wrong.

> * Because of this design, non-Admin users can send UDP packets with
> their favorite source IP address. Just plug two NICs and assign your
> favorite address to one NIC, then connect the other to Internet or
> Intranet.

If somebody has physical access to a machine you can forget about
admin/non-admin stuff.

> Isn't this a security problem with current XP stack?

Not in the way you see it. However I am not sure there isn't some real
security problem hiding in this area.

> * When dev really wants to send packets from a NIC -- in my case, I
> want to search a UPnP device connected to non-default NIC -- it's
> really hard to achieve.

Yes and no. Technically this is not hard. You just need to change the
routing table. However, I do understand the shortcomings of this. The
problem is that Windows lumps two distinct things together. One is a "general
purpose network card" which is just any kind of adapter that can be used to
connect to the network. Another is "special smart [possibly virtual]
card-like device" used by a single application for its own purposes. The
general purpose cards really should be managed by an admin *not* application
and Windows does it right. The problem is that the same model is used for
special cards and there is AFAIK no easy way to change this fact.


--
Eugene
http://www.gershnik.com
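
Added example, not part of either post: a simplified model of destination-based route lookup, showing why a socket bound to one NIC's address can still leave through the other NIC, and how a route change alters that. The interface names, addresses and routes are constructed; 239.255.255.250 is the SSDP multicast address used for UPnP discovery.

```python
import ipaddress

# Constructed sample host: two NICs and a routing table (not from the thread).
INTERFACES = {
    "nic0": ["192.168.1.10"],  # default NIC
    "nic1": ["10.0.0.5"],      # non-default NIC with the UPnP device behind it
}
ROUTES = [  # (destination prefix, egress interface, metric)
    ("0.0.0.0/0", "nic0", 10),
    ("192.168.1.0/24", "nic0", 10),
    ("10.0.0.0/24", "nic1", 10),
]

def egress_interface(dst, routes=ROUTES):
    """Pick the egress NIC by longest-prefix match, lowest metric as tie-break.
    The bound source address is deliberately not an input to this lookup."""
    dst = ipaddress.ip_address(dst)
    candidates = [(ipaddress.ip_network(prefix), nic, metric)
                  for prefix, nic, metric in routes
                  if dst in ipaddress.ip_network(prefix)]
    if not candidates:
        return None  # no route to destination
    _, nic, _ = max(candidates, key=lambda c: (c[0].prefixlen, -c[2]))
    return nic

def check_send(bound_src, dst, interfaces=INTERFACES, routes=ROUTES):
    """Return (egress NIC, NIC owning bound_src, mismatch flag).
    A mismatch means the packet carries a source address that does not
    belong to the NIC it leaves on, which is what egress filters look for."""
    out = egress_interface(dst, routes)
    owner = next((n for n, addrs in interfaces.items() if bound_src in addrs), None)
    return out, owner, out is not None and owner != out

if __name__ == "__main__":
    # Bound to nic1's address, but the multicast destination follows the default route.
    print(check_send("10.0.0.5", "239.255.255.250"))
    # After adding a host route for the multicast group via nic1, the mismatch is gone.
    fixed = ROUTES + [("239.255.255.250/32", "nic1", 10)]
    print(check_send("10.0.0.5", "239.255.255.250", routes=fixed))
```
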



