L0pht Heavy Industries - AntiSniff

[yua () ARTLOVER COM (Alex Yu)]

For Immediate Release

L0pht Heavy Industries Releases a Public Beta of Its
Revolutionary New AntiSniff Network Security Software
Boston, MA - July 22, 1999 - L0pht Heavy Industries, a world renowned
computer security think tank, today announced the public beta release of its
AntiSniff network security software, which can detect attackers
surreptitiously monitoring a computer network.

"AntiSniff is a whole new breed of network security tool, designed to detect
the attack patterns used in compromising a computer network, instead of
merely being reactive to already known vulnerabilities.", said Dr. Mudge,
Chief Scientist at L0pht Heavy Industries.

AntiSniff, which operates on both Windows NT and UNIX operating systems,
will detect remote computers that are packet sniffing, that is, monitoring
all network communications.

In a recent survey, three-quarters of U.S. corporations, government
agencies, financial institutions and universities reported suffering
financial losses due to computer security breaches. Some of these attacks
have become quite famous, such as the successfull attacks against the Senate
& FBI webservers. Other attacks, however, don't get any media attention, and
are far worse than the defacement of a web site. These attacks involve the
invasion of government and corporate secrets, and personal privacy. Many of
these attacks rely on packet sniffing to penetrate deep into a computer
network.

Network communication can be likened to large group of people standing
together in a room and talking. When people talk to each other, others
nearby have the ability to listen in. When computers communicate over
networks, they normally only listen to communications destined to
themselves. However, they also have the ability to enter promiscous mode,
which allows them to listen to communications that are destined to other
computers.

When an attacker successfully compromises a computer, they install what is
known as a packet sniffer, a tool that puts the computer into promiscuous
mode, thus allowing them to monitor and record all network communications.
The private information they gather, such as account names, passwords,
credit cards, and even e-mail, is then used to compromise other computers.
This is how, from one weak computer in a computer network, many computers,
and the information they contain can be compromised. Until now, it has been
impossible for network administrators to remotely detect if computers were
listening in on all network communications.

L0pht Heavy Industries' AntiSniff stops all this, by giving network
administrators and information security professionals the ability to
remotely detect computers that are packet sniffing, regardless of the
operating system. Dr. Mudge explains, "AntiSniff works by running a number
of non-intrusive tests, in a variety of fashions, which can determine
whether or not a remote computer is listening in on all network
communications. Now it is impossible for an attacker who is sniffing to
hide."

Current network security tools, such as network scanners, work by probing
machines for software that contains bugs or software that's misconfigured.
Intrusion Detection Systems (IDS), work by finding malicious signatures in
network traffic. AntiSniff, on the other hand, is the first of it's kind. It
remotely detects the passive act of eavesdropping on network communications.
It will even detect packet sniffers installed by a rogue insider who may
have legitimate administrative access to a machine, but still should not be
monitoring all network traffic.

The AntiSniff public beta is released for Windows NT, complete with a fully
featured graphical interface, report generating tools, and alarm system. It
is designed so that it can be used to quickly scan a network or scan
continuously, triggering alarms when a "packet sniffing" machine is
detected.

The beta version has been made available free to all who would like to try
it out. L0pht hopes to have the commercial release ready within a few weeks.
Retail and site license pricing have not yet been determined.

To further the research of the security community as a whole, as they have
in previous products, L0pht will be releasing AntiSniff as a UNIX
command-line tool, complete with full source code.

For more information please contact For more information please contact AntiSniff () l0pht com. The free beta
download and full documentation are available at
http://www.l0pht.com/antisniff/.

About L0pht Heavy Industries

L0pht Heavy Industries is a world renowned computer security think tank.
Founded in 1992 as a computer research facility, the L0pht has grown into a
leader in the field of computer security software. The L0pht's products
include L0phtCrack, the industry standard NT password auditing tool. As a
result of their innovative security research, the L0pht has released dozens
of computer security advisories to the Internet community, warning of
dangerous vulnerabilities in today's most widely used software. Many at the
L0pht are considered top experts in the computer security field and have
appeared on numerous network news programs and documentaries, as well as
having testified about government computer security for the U.S. Senate.
Visit the L0pht's web site at http://www.l0pht.com.

All trademarks and registered trademarks are the property of their
respective holders.

These pages are Copyright 1999 L0pht Heavy Industries, Inc.