mailing list archives
Re: (How) Does AntiSniff do what is claimed?
From: paul.boyer () PAULBOYER ORG (Paul Boyer)
Date: Sun, 25 Jul 1999 21:14:33 +0200
Do I miss something or antisniff will totally fail to detecting a non-IP
machine going promiscuous ?
Is there any Novell trojan that can turn an IPX only machine into a
Is there a trojan for VMS that can turn a Decnet only machine into a
Is there a DOS trojan that can turn a Netbeui only machine into a
Also, a dedicated sniffing device/machine inserted on your network by a
cracker will probably be as verbose as a /dev/null with its TX wire cut,
So, one should be well aware that antisniff only detect when a regular
IP machine you know (you need to know its IP address) is changing to
promiscuous mode, but fail to detect "any" promiscuous mode device on a
I see nothing except maybe an electronical device analyzing signal
deformation to detect such attacks. Cryptography is probably a cheaper
alternative to this kind of protection, anyway.
Nevertheless, antisniff will detect _MOST_ cases of sniffing attacks,
and it is the first integrated graphical tool to do it so well, and as
such it is really a "must have" tool.
Many thanks to L0pht for their work.
Nick Lamb wrote:
How does AntiSniff detect sniffing?
-> a very good paper indeed.