Re: (How) Does AntiSniff do what is claimed?

From: Trevor Schroeder (tschroedat_private)
Date: Sun Jul 25 1999 - 15:31:07 PDT


    On Sun, 25 Jul 1999, Nick Lamb wrote:
    
    > If AntiSniff becomes popular, I'd estimate only a few months grace
    > before Black Hats have made a reduced-functionality sniffer which slips
    > under AntiSniff's radar. I don't have any use for such a tool, but if
    > I did I doubt I'd need more than a week or two to get it right.
    
    At the risk of harping on the AntiSniff topic, the previous thread on an
    Rx-only NIC provides an excellent example.  Go to
    http://www.zweknu.org/tech.php3 for a guide to creating a totally passive
    NIC complete with diagrams.
    
    In the event that you can't do that, a fairly fascist set of firewall rules
    on the sniffing host SHOULD keep your host from responding to any of the
    L0pht probes.
    
    What AntiSniff will do is protect you against newbies who don't think to
    cover themselves or system crackers who might otherwise use a legitimate
    host to illegitimately sniff traffic on a privileged net.  The latter case
    is the real value, IMHO.  They can't disable the host's network interface
    for normal use and thus it certainly SHOULD be detectable.
    .......................................................................
    : "Welcome to NSA's Web Server!"                   : Trevor Schroeder :
    :                     -- National Security Agency  : tschroedat_private :
    :........... http://www.zweknu.org/ for PGP key and more .............:
    


