AntiSniff software allows you to turn the tables on packet sniffers
Boston's L0pht Heavy Industries is best known for L0phtCrack, a hacker's tool for discovering Windows NT passwords. But L0pht has always wanted to be considered a computer security think tank, rather than a refuge for crackers. The company may have taken a big step in that direction with the recent beta release of its AntiSniff network security software, which can detect attackers who are surreptitiously monitoring a computer network.
Ex-hacker "Mudge" (not his real name, and now identified as "Dr. Mudge, Chief Scientist at L0pht") defines AntiSniff as "a whole new breed of network security tool, designed to detect the attack patterns used in compromising a computer network, instead of merely being reactive to already known vulnerabilities."
According to L0pht, three-quarters of corporations, government agencies, financial institutions and universities in the U.S. have reported suffering financial losses due to computer security breaches. Some of these attacks have become quite famous, such as the successful attacks against the Senate & FBI Web servers. Other attacks, however, don't get any media attention, and are far worse than the defacement of a Web site. These attacks involve the invasion of government as well as corporate secrets and personal privacy. Many of these attacks rely on packet sniffing to penetrate deep into a computer network. AntiSniff will detect remote computers that are packet sniffing, that is, monitoring all network communications.
When computers communicate over networks, they normally listen only to communications destined for themselves. However, they can also enter promiscuous mode, which allows them to listen to communications destined for other computers. When an attacker successfully compromises a computer, a packet sniffer can be installed. The packet sniffer is the tool that puts the computer into promiscuous mode, which allows it to monitor and record all network communications. The private information it gathers, such as account names, passwords, credit cards and even e-mail, is then used to compromise other computers. This is how, from one weak computer in an NT network, many computers and the information they contain can be compromised. Until now, it has been impossible for network administrators to remotely detect if computers were listening in on all network communications.
AntiSniff gives network administrators and information security professionals the ability to remotely detect computers that are packet sniffing. By running a number of nonintrusive tests in a variety of ways, they can determine whether or not a remote computer is listening in on all network communications.
The AntiSniff public beta NT is complete; it has a fully featured graphical interface, report-generating tools and an alarm system. It is designed to scan a network quickly or continuously and to trigger alarms when a packet-sniffing machine is detected.
The beta version is available and free to all who would like to try it. L0pht hopes to have the commercial release ready within a few weeks. Retail and site license prices have not yet been determined.
Virtual Quill is a writing agency serving the computer and networking industries. If your target customer doesn't know your product, doesn't know its uses and doesn't know he needs it, he's not going to buy it. From books to reviews, marketing to manuals, VQ can help you and your business. Virtual Quill - "words to sell by..." Find out more at www.vquill.com, or by email at info@vquill.com.
