Do I miss something or antisniff will totally fail to detecting a non-IP
machine going promiscuous ?
Is there any Novell trojan that can turn an IPX only machine into a
sniffer ?
Is there a trojan for VMS that can turn a Decnet only machine into a
sniffer ?
Is there a DOS trojan that can turn a Netbeui only machine into a
sniffer ?
Also, a dedicated sniffing device/machine inserted on your network by a
cracker will probably be as verbose as a /dev/null with its TX wire cut,
huh ?
So, one should be well aware that antisniff only detect when a regular
IP machine you know (you need to know its IP address) is changing to
promiscuous mode, but fail to detect "any" promiscuous mode device on a
specific network.
I see nothing except maybe an electronical device analyzing signal
deformation to detect such attacks. Cryptography is probably a cheaper
alternative to this kind of protection, anyway.
Nevertheless, antisniff will detect _MOST_ cases of sniffing attacks,
and it is the first integrated graphical tool to do it so well, and as
such it is really a "must have" tool.
Many thanks to L0pht for their work.
Paul
Nick Lamb wrote:
>
> How does AntiSniff detect sniffing?
> http://www.l0pht.com/antisniff/tech-paper.html
-> a very good paper indeed.
[...]
>
> Nick.
