Bugtraq mailing list archives
The Sentinel Project
From: bind () CTS COM (Marshall)
Date: Thu, 6 Apr 2000 14:58:34 -0700
Hello,
Sentinel, a new utility for use of remote promiscuous detection, has
been released. The Sentinel project is designed to be a portable
accurate implementation of all publicly known remote promiscuous
detection techniques. Sentinel currently supports 3 methods of
detection: DNS tests, ARP tests, and ICMP Etherping tests. ICMP Ping
latency tests are still under development.
Sentinel was developed under OpenBSD 2.6 and the majority of
testing targeted a Linux 2.2.14 machine in promiscuous mode. During the
development of Sentinel, I discovered that etherping testing, which was
known only to work against older Linux kernels, still does work in the
2.2.x kernels.
Differences between Antisniff & Sentinel in the same environment:
* DNS Testing: Sentinel was successful in detecting the machine
  running a sniffer, Antisniff was not.
* Etherping Testing: Sentinel was successful in detecting the 2.2.14
  machine in promiscuous mode and by default, Antisniff was not.
* Antisniff supports ping latency tests, which Sentinel currently does
  not. Although, Antisniff's ping latency test was unable to detect a
  machine in promiscuous mode.
Sentinel Homepage: http://www.packetfactory.net/Projects/sentinel
-bind
