For Immediate Release
L0pht Heavy Industries Releases a Public Beta of Its
Revolutionary New AntiSniff Network Security Software
Boston, MA - July 22, 1999 - L0pht Heavy Industries, a world renowned
computer security think tank, today announced the public beta release of
its AntiSniff network security software, which can detect attackers
surreptitiously monitoring a computer network.
"AntiSniff is a whole new breed of network security tool, designed to
detect the attack patterns used in compromising a computer network,
instead of merely being reactive to already known vulnerabilities.", said
Dr. Mudge, Chief Scientist at L0pht Heavy Industries.
AntiSniff, which operates on both Windows NT and UNIX operating systems,
will detect remote computers that are packet sniffing, that is,
monitoring all network communications.
In a recent survey, three-quarters of U.S. corporations, government
agencies, financial institutions and universities reported suffering
financial losses due to computer security breaches. Some of these
attacks have become quite famous, such as the successful attacks against
the Senate & FBI webservers. Other attacks, however, don't get any media
attention, and are far worse than the defacement of a web site. These
attacks involve the invasion of government and corporate secrets, and
personal privacy. Many of these attacks rely on packet sniffing to
penetrate deep into a computer network.
Network communication can be likened to a large group of people standing
together in a room and talking. When people talk to each other, others
nearby have the ability to listen in. When computers communicate over
networks, they normally only listen to communications destined to
themselves. However, they also have the ability to enter promiscuous
mode, which allows them to listen to communications that are destined to
other computers.
When an attacker successfully compromises a computer, they install what
is known as a packet sniffer, a tool that puts the computer into
promiscuous mode, thus allowing them to monitor and record all network
communications. The private information they gather, such as account
names, passwords, credit cards, and even e-mail, is then used to
compromise other computers. This is how, from one weak computer in a
computer network, many computers, and the information they contain, can
be compromised. Until now, it has been impossible for network
administrators to remotely detect if computers were listening in on all
network communications.
L0pht Heavy Industries' AntiSniff stops all this, by giving network
administrators and information security professionals the ability to
remotely detect computers that are packet sniffing, regardless of the
operating system. Dr. Mudge explains, "AntiSniff works by running a
number of non-intrusive tests, in a variety of fashions, which can
determine whether or not a remote computer is listening in on all network
communications. Now it is impossible for an attacker who is sniffing to
hide."
Current network security tools, such as network scanners, work by probing
machines for software that contains bugs or software that's
misconfigured. Intrusion Detection Systems (IDS) work by finding
malicious signatures in network traffic. AntiSniff, on the other hand, is
the first of its kind. It remotely detects the passive act of
eavesdropping on network communications. It will even detect packet
sniffers installed by a rogue insider who may have legitimate
administrative access to a machine, but still should not be monitoring
all network traffic.
The AntiSniff public beta is released for Windows NT, complete with a
fully featured graphical interface, report generating tools, and alarm
system. It is designed so that it can be used to quickly scan a network
or scan continuously, triggering alarms when a "packet sniffing" machine
is detected.
The beta version has been made available free to all who would like to
try it out. L0pht hopes to have the commercial release ready within a few
weeks. Retail and site license pricing have not yet been determined.
To further the research of the security community as a whole, as they
have in previous products, L0pht will be releasing AntiSniff as a UNIX
command-line tool, complete with full source code.
For more information please contact AntiSniff@l0pht.com. The free beta
download and full documentation are available at
http://www.l0pht.com/antisniff/.
About L0pht Heavy Industries
L0pht Heavy Industries is a world renowned computer security think tank.
Founded in 1992 as a computer research facility, the L0pht has grown into
a leader in the field of computer security software. The L0pht's products
include L0phtCrack, the industry standard NT password auditing tool. As a
result of their innovative security research, the L0pht has released
dozens of computer security advisories to the Internet community, warning
of dangerous vulnerabilities in today's most widely used software. Many
at the L0pht are considered top experts in the computer security field
and have appeared on numerous network news programs and documentaries, as
well as having testified about government computer security for the U.S.
Senate. Visit the L0pht's web site at http://www.l0pht.com.
All trademarks and registered trademarks are the property of their
respective holders.