Forwarded from: Justin Lundy <jblat_private>

Raytheon developed SilentRunner directly after a programmer named "bind" published his open-source "siphon" project on the Internet two years ago. The siphon software passively mapped networks (see where the SilentRunner name comes from?) to generate OS fingerprints for all hosts that were a source of traffic. This also included a list of all open ports on the machines. Newer versions and the development versions contain a greatly expanded list of useful features. Raytheon was seen reading the siphon material and downloading the software several times from several different machines on their network for months.

The passive network mapping concept is definitely not worth trademarking, patenting, copyrighting, or servicemarking--because it is so simple. If you want this same functionality for FREE, hire a consultant that understands how to operate open-source protocol analyzers such as tcpdump, ngrep, or ethereal. Or download siphon[1].

Having worked in the computer industry for a while, nothing sickens me more than a constant supply of low-quality, small-scope software that was written in a week and sells for ridiculous amounts of money. If you would like to see where this concept was originally and publicly implemented, see siphon[1]. Bind presented at Blackhat USA 2001 on the concept. And please, before you encourage "commercial industry experts" by purchasing their BS, look around at the FREE alternatives first.

[1] http://www.insidiae.org/projects/siphon/

If you would like a more in-depth explanation, feel free to contact me via email directly. If I see another defense contractor scam companies by selling trash like this, I will vomit on their marketing material and physically mail it back to them.

If anyone from Raytheon threatens me as a result of this email, I would like to remind them that this was an expression of my opinion and experience in dealing with such software vendors; and as such is protected by the First Amendment.

-jbl

On Fri, Apr 26, 2002 at 03:09:29AM -0500, InfoSec News wrote:
> http://www.washingtonpost.com/wp-dyn/articles/A42202-2002Apr24.html
>
> Joseph C. Anselmo
> Washington Techway
> Thursday, April 25, 2002; 10:45 AM
>
> The security chief at a big name brokerage firm in New York had a
> problem. Proprietary information was being leaked from the trading
> floor to a competitor and he didn't know how.
>
> Enter SilentRunner, a Linthicum-based startup that has developed
> software to enhance network security.
>
> "We took a look at the 400 [Internet] addresses on the trading
> floor," says Jeff Waxman, SilentRunner's president and CEO. "Just
> before the trading shut down at 4 o'clock we watched an e-mail go
> from one of his traders to a competitor with all of their internal
> information." The offender was escorted out in handcuffs and
> SilentRunner had won another customer.
>
> Protecting corporate computer networks from outside intruders has
> become a big business these days. But information technology
> security experts say it's also crucial to know what's going on
> inside the firewall.
>
> "Every survey that's ever been done says that two-thirds or
> three-quarters of security [breaches] involve insiders," says Paul
> Connelly, who runs PricewaterhouseCoopers' Technology Security
> Practice for the southeast region. "What an insider can do is much
> more damaging because they know your network and what's critical to
> your network."
>
> The SilentRunner software was released in June 2000 by defense
> electronics giant Raytheon Co., which spun it off as a wholly owned
> subsidiary last November.
> The idea for the commercial software came
> from Raytheon's work on top-secret signals intelligence programs,
> which sift through massive amounts of communications to intercept
> conversations from targets such as al Qaeda terrorists. For workers
> goofing off on the job - or worse - the software is downright scary.
> Loaded onto a laptop, it runs undetected. Twenty-five algorithms map
> out how a network is being used - from keeping tabs on intellectual
> property down to every e-mail, every Web site visited and the
> location and make of computers logged on remotely. The software
> translates huge amounts of data into simple illustrations to help
> network administrators spot trouble.

--
---=[ Practice is not a matter of years and months. It is concentration. ]=--
---=[ Email: jblat_private o0o Web: http://www.subterrain.net/~jbl/ ]=--
---=[ PGP fingerprint: 345A A958 67A3 A215 0270 5102 8002 8B4C 3803 A9BC ]=--

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

This archive was generated by hypermail 2b30 : Mon Apr 29 2002 - 05:57:15 PDT