Home page logo

bugtraq logo Bugtraq mailing list archives

Re: (How) Does AntiSniff do what is claimed?
From: paul.boyer () PAULBOYER ORG (Paul Boyer)
Date: Sun, 25 Jul 1999 21:14:33 +0200

Do I miss something or antisniff will totally fail to detecting a non-IP
machine going promiscuous ?

Is there any Novell trojan that can turn an IPX only machine into a
sniffer ?
Is there a trojan for VMS that can turn a Decnet only machine into a
sniffer ?
Is there a DOS trojan that can turn a Netbeui only machine into a
sniffer ?

Also, a dedicated sniffing device/machine inserted on your network by a
cracker will probably be as verbose as a /dev/null with its TX wire cut,
huh ?

So, one should be well aware that antisniff only detect when a regular
IP machine you know (you need to know its IP address) is changing to
promiscuous mode, but fail to detect "any" promiscuous mode device on a
specific network.
I see nothing except maybe an electronical device analyzing signal
deformation to detect such attacks. Cryptography is probably a cheaper
alternative to this kind of protection, anyway.

Nevertheless, antisniff will detect _MOST_ cases of sniffing attacks,
and it is the first integrated graphical tool to do it so well, and as
such it is really a "must have" tool.

Many thanks to L0pht for their work.


Nick Lamb wrote:

How does AntiSniff detect sniffing?
-> a very good paper indeed.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]