4980801 2000-04-07 01:09 /44 lines/ Postmaster
Recipient: Bugtraq (import) <10439>
Subject: The Sentinel Project
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Message-ID: <38ED088A.81D075DE@cts.com>
Date: Thu, 6 Apr 2000 14:58:34 -0700
Reply-To: Marshall <bind@CTS.COM>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Marshall <bind@CTS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

Hello,

Sentinel, a new utility for use of remote promiscuous detection, has been released. The Sentinel project is designed to be a portable, accurate implementation of all publicly known remote promiscuous detection techniques.

Sentinel currently supports 3 methods of detection: DNS tests, ARP tests, and ICMP Etherping tests. ICMP Ping latency tests are still under development.

Sentinel was developed under OpenBSD 2.6 and the majority of testing targeted a Linux 2.2.14 machine in promiscuous mode. During the development of Sentinel, I discovered that etherping testing, which was known only to work against older Linux kernels, still does work in the 2.2.x kernels.

Differences between Antisniff & Sentinel in the same environment:

* DNS Testing: Sentinel was successful in detecting the machine running a sniffer, Antisniff was not.
* Etherping Testing: Sentinel was successful in detecting the 2.2.14 machine in promiscuous mode and by default, Antisniff was not.
* Antisniff supports ping latency tests, which Sentinel currently does not. Although, Antisniff's ping latency test was unable to detect a machine in promiscuous mode.

Sentinel Homepage: http://www.packetfactory.net/Projects/sentinel

-bind
(4980801) ------------------------------------------(Reformatted)