Bugtraq mailing list archives
The Sentinel Project
From: bind () CTS COM (Marshall)
Date: Thu, 6 Apr 2000 14:58:34 -0700
Hello, Sentinel, a new utility for use of remote promiscuous detection, has been released. The Sentinel project is designed to be a portable accurate implementation of all publicly known remote promiscuous detection techniques. Sentinel currently supports 3 methods of detection: DNS tests, ARP tests, and ICMP Etherping tests. ICMP Ping latency tests are still under development. Sentinel was was developed under OpenBSD 2.6 and the majority of testing targeted a Linux 2.2.14 machine in promiscuous mode. During the development of Sentinel, I discovered that etherping testing which was known only to work against older linux kernels still does work in the 2.2.x kernels. Differences between Antisniff & Sentinel in the same environment: * DNS Testing: Sentinel was successful in detecting the machine running a sniffer, Antisniff was not. * Etherping Testing: Sentinel was successful in detecting the 2.2.14 machine in promiscuous mode and by default, Antisniff was not. * Antisniff supports ping latency tests, which Sentinel currently does not. Although, Antisniff's ping latency test was unable to detect a machine in promiscuous mode. Sentinel Homepage: http://www.packetfactory.net/Projects/sentinel -bind
Current thread:
- Re: Local Denial-of-Service attack against Linux Jeff Dafoe (Apr 02)
- Win32 RealPlayer 6/7 Buffer Overflow Adam Muntner (Apr 03)
- Re: Local Denial-of-Service attack against Linux Gigi Sullivan (Apr 03)
- Re: IMAIL (Ipswitch) DoS with Eudora (Qualcomm) Anthony Santen (Apr 04)
- minor issue with IBM HTTPD and /usr/bin/ikeyman Rude Yak (Apr 05)
- PcAnywhere weak password encryption Pascal Longpre (Apr 05)
- The Sentinel Project Marshall (Apr 06)