Do I miss something or antisniff will totally fail to detecting a non-IP machine going promiscuous ? Is there any Novell trojan that can turn an IPX only machine into a sniffer ? Is there a trojan for VMS that can turn a Decnet only machine into a sniffer ? Is there a DOS trojan that can turn a Netbeui only machine into a sniffer ? Also, a dedicated sniffing device/machine inserted on your network by a cracker will probably be as verbose as a /dev/null with its TX wire cut, huh ? So, one should be well aware that antisniff only detect when a regular IP machine you know (you need to know its IP address) is changing to promiscuous mode, but fail to detect "any" promiscuous mode device on a specific network. I see nothing except maybe an electronical device analyzing signal deformation to detect such attacks. Cryptography is probably a cheaper alternative to this kind of protection, anyway. Nevertheless, antisniff will detect _MOST_ cases of sniffing attacks, and it is the first integrated graphical tool to do it so well, and as such it is really a "must have" tool. Many thanks to L0pht for their work. Paul Nick Lamb wrote: > > How does AntiSniff detect sniffing? > http://www.l0pht.com/antisniff/tech-paper.html -> a very good paper indeed. [...] > > Nick.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:53:30 PDT