Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: (How) Does AntiSniff do what is claimed?
From: tschroed () ACM ORG (Trevor Schroeder)
Date: Sun, 25 Jul 1999 17:31:07 -0500


On Sun, 25 Jul 1999, Nick Lamb wrote:

If AntiSniff becomes popular, I'd estimate only a few months grace
before Black Hats have made a reduced-functionality sniffer which slips
under AntiSniff's radar. I don't have any use for such a tool, but if
I did I doubt I'd need more than a week or two to get it right.

At the risk of harping on the AntiSniff topic, the previous thread on an
Rx-only NIC provides an excellent example.  Go to
http://www.zweknu.org/tech.php3 for a guide to creating a totally passive
NIC complete with diagrams.

In the event that you can't do that, a fairly fascist set of firewall rules
on the sniffing host SHOULD keep your host from responding to any of the
L0pht probes.

What AntiSniff will do is protect you against newbies who don't think to
cover themselves or system crackers who might otherwise use a legitimate
host to illegitimately sniff traffic on a privileged net.  The latter case
is the real value, IMHO.  They can't disable the host's network interface
for normal use and thus it certainly SHOULD be detectable.
.......................................................................
: "Welcome to NSA's Web Server!"                   : Trevor Schroeder :
:                     -- National Security Agency  : tschroed () acm org :
:........... http://www.zweknu.org/ for PGP key and more .............:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault