Bugtraq mailing list archives
Re: (How) Does AntiSniff do what is claimed?
From: tschroed () ACM ORG (Trevor Schroeder)
Date: Sun, 25 Jul 1999 17:31:07 -0500
On Sun, 25 Jul 1999, Nick Lamb wrote:
If AntiSniff becomes popular, I'd estimate only a few months grace before Black Hats have made a reduced-functionality sniffer which slips under AntiSniff's radar. I don't have any use for such a tool, but if I did I doubt I'd need more than a week or two to get it right.
At the risk of harping on the AntiSniff topic, the previous thread on an Rx-only NIC provides an excellent example. Go to http://www.zweknu.org/tech.php3 for a guide to creating a totally passive NIC complete with diagrams. In the event that you can't do that, a fairly fascist set of firewall rules on the sniffing host SHOULD keep your host from responding to any of the L0pht probes. What AntiSniff will do is protect you against newbies who don't think to cover themselves or system crackers who might otherwise use a legitimate host to illegitimately sniff traffic on a privileged net. The latter case is the real value, IMHO. They can't disable the host's network interface for normal use and thus it certainly SHOULD be detectable. ....................................................................... : "Welcome to NSA's Web Server!" : Trevor Schroeder : : -- National Security Agency : tschroed () acm org : :........... http://www.zweknu.org/ for PGP key and more .............:
Current thread:
- (How) Does AntiSniff do what is claimed? Nick Lamb (Jul 24)
- Re: (How) Does AntiSniff do what is claimed? Paul Boyer (Jul 25)
- Re: (How) Does AntiSniff do what is claimed? Jon Marler (Jul 25)
- Re: (How) Does AntiSniff do what is claimed? David Luyer (Jul 26)
- Re: (How) Does AntiSniff do what is claimed? Trevor Schroeder (Jul 27)
- Re: (How) Does AntiSniff do what is claimed? Trevor Schroeder (Jul 25)
- Re: (How) Does AntiSniff do what is claimed? Ian Goldberg (Jul 26)
- word 97 macrovirus protection problem thomas lakofski (Jul 26)
- Re: word 97 macrovirus protection problem Emils Klotins (Jul 28)
- New ActiveX security problems in Windows 98 PCs David N. Murray (Jul 29)
- Alert: Microsoft's Phone Dialer contains a buffer overrun that allows execution of arbitary code Mnemonix (Jul 30)
- Linux 2.2.10 ipchains Advisory Thomas Lopatic (Jul 27)
- <Possible follow-ups>
- Re: (How) Does AntiSniff do what is claimed? der Mouse (Jul 26)
- Re: (How) Does AntiSniff do what is claimed? Dr. Mudge (Jul 27)