Bugtraq mailing list archives
Re: (How) Does AntiSniff do what is claimed?
From: mouse () RODENTS MONTREAL QC CA (der Mouse)
Date: Mon, 26 Jul 1999 09:47:55 -0400
> The L0pht people have my admiration for fully documenting (and crediting) their approach, but I think they over-hype this tool by saying that it will detect sniffing -- a green light from their product does NOT mean you're not being sniffed.
Very true. Last time I wanted to set up a sniffer, I ended up adding a BPFONLY interface flag to the kernel, which completely disables the interface for incoming packets except for BPF access (the raw-packet interface on the OS in question was BPF). This would defeat all of AntiSniff's checks (with the possible exception of the response-time check, which would be possible if the machine had another interface that *could* receive packets).

And all of the checks assume the machine has an IP address. For its apparently-intended purpose (helping admins tell when their net has been remotely compromised), this is not a problem, since such an intrusion will be little use to an attacker without leaving IP up on the machine...but I *would* have preferred to see this explicitly stated in their doco.

der Mouse

mouse () rodents montreal qc ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B