Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: (How) Does AntiSniff do what is claimed?

From: paul.boyer () PAULBOYER ORG (Paul Boyer)
Date: Sun, 25 Jul 1999 21:14:33 +0200

Do I miss something or antisniff will totally fail to detecting a non-IP
machine going promiscuous ?

Is there any Novell trojan that can turn an IPX only machine into a
sniffer ?
Is there a trojan for VMS that can turn a Decnet only machine into a
sniffer ?
Is there a DOS trojan that can turn a Netbeui only machine into a
sniffer ?

Also, a dedicated sniffing device/machine inserted on your network by a
cracker will probably be as verbose as a /dev/null with its TX wire cut,
huh ?

So, one should be well aware that antisniff only detect when a regular
IP machine you know (you need to know its IP address) is changing to
promiscuous mode, but fail to detect "any" promiscuous mode device on a
specific network.
I see nothing except maybe an electronical device analyzing signal
deformation to detect such attacks. Cryptography is probably a cheaper
alternative to this kind of protection, anyway.

Nevertheless, antisniff will detect _MOST_ cases of sniffing attacks,
and it is the first integrated graphical tool to do it so well, and as
such it is really a "must have" tool.

Many thanks to L0pht for their work.

Paul

Nick Lamb wrote:


How does AntiSniff detect sniffing?
http://www.l0pht.com/antisniff/tech-paper.html

-> a very good paper indeed.

[...]


Nick.
Previous By Date Next
Previous By Thread Next

Current thread: