Re: (How) Does AntiSniff do what is claimed?

From: Dr. Mudge (mudgeat_private)
Date: Tue Jul 27 1999 - 09:19:37 PDT


    It is beta right now.
    
    Due to comments such as this (i.e. if you have attackers physically on your
    premises installing their own hardware in acoustic ceiling tiles with TX
    leads cut.... heh... you have more problems than we'd like to know about
    :)) I'll make sure it is more explicitly stated in the docs.
    
    thanks everyone!
    
    .mudge
    
    
    
    On Mon, 26 Jul 1999, der Mouse wrote:
    
    > > The L0pht people have my admiration for fully documenting (and
    > > crediting) their approach, but I think they over-hype this tool by
    > > saying that it will detect sniffing -- a green light from their
    > > product does NOT mean you're not being sniffed.
    >
    > Very true.
    >
    > Last time I wanted to set up a sniffer, I ended up adding a BPFONLY
    > interface flag to the kernel, which completely disables the interface
    > for incoming packets except for BPF access (the raw-packet interface on
    > the OS in question was BPF).  This would defeat all of AntiSniff's
    > checks (with the possible exception of the response-time check, which
    > would be possible if the machine had another interface that *could*
    > receive packets).
    >
    > And all of the checks assume the machine has an IP address.  For its
    > apparently-intended purpose (helping admins tell when their net has
    > been remotely compromised), this is not a problem, since such an
    > intrusion will be little use to an attacker without leaving IP up on
    > the machine...but I *would* have preferred to see this explicitly
    > stated in their doco.
    >
    > 					der Mouse
    >
    > 			       mouseat_private
    > 		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
    >
    


