Boston, MA - July 22, 1999 - L0pht Heavy Industries, a world renowned computer security think tank, today announced the public beta release of its AntiSniff network security software, which can detect attackers surreptitiously monitoring a computer network.

"AntiSniff is a whole new breed of network security tool, designed to detect the attack patterns used in compromising a computer network, instead of merely being reactive to already known vulnerabilities.", said Dr. Mudge, Chief Scientist at L0pht Heavy Industries.

AntiSniff, which operates on both Windows NT and UNIX operating systems, will detect remote computers that are packet sniffing, that is, monitoring all network communications.

In a recent survey, three-quarters of U.S. corporations, government agencies, financial institutions and universities reported suffering financial losses due to computer security breaches. Some of these attacks have become quite famous, such as the successfull attacks against the Senate & FBI webservers. Other attacks, however, don't get any media attention, and are far worse than the defacement of a web site. These attacks involve the invasion of government and corporate secrets, and personal privacy. Many of these attacks rely on packet sniffing to penetrate deep into a computer network.

Network communication can be likened to large group of people standing together in a room and talking. When people talk to each other, others nearby have the ability to listen in. When computers communicate over networks, they normally only listen to communications destined to themselves. However, they also have the ability to enter promiscous mode, which allows them to listen to communications that are destined to other computers.

When an attacker successfully compromises a computer, they install what is known as a packet sniffer, a tool that puts the computer into promiscuous mode, thus allowing them to monitor and record all network communications. The private information they gather, such as account names, passwords, credit cards, and even e-mail, is then used to compromise other computers. This is how, from one weak computer in a computer network, many computers, and the information they contain can be compromised. Until now, it has been impossible for network administrators to remotely detect if computers were listening in on all network communications.

L0pht Heavy Industries' AntiSniff stops all this, by giving network administrators and information security professionals the ability to remotely detect computers that are packet sniffing, regardless of the operating system. Dr. Mudge explains, "AntiSniff works by running a number of non-intrusive tests, in a variety of fashions, which can determine whether or not a remote computer is listening in on all network communications. Now it is impossible for an attacker who is sniffing to hide."

Current network security tools, such as network scanners, work by probing machines for software that contains bugs or software that's misconfigured. Intrusion Detection Systems (IDS), work by finding malicious signatures in network traffic. AntiSniff, on the other hand, is the first of it's kind. It remotely detects the passive act of eavesdropping on network communications. It will even detect packet sniffers installed by a rogue insider who may have legitimate administrative access to a machine, but still should not be monitoring all network traffic.

The AntiSniff public beta is released for Windows NT, complete with a fully featured graphical interface, report generating tools, and alarm system. It is designed so that it can be used to quickly scan a network or scan continuously, triggering alarms when a "packet sniffing" machine is detected.

The beta version has been made available free to all who would like to try it out. L0pht hopes to have the commercial release ready within a few weeks. Retail and site license pricing have not yet been determined.

To further the research of the security community as a whole, as they have in previous products, L0pht will be releasing AntiSniff as a UNIX command-line tool, complete with full source code.

For more information please contact AntiSniff@l0pht.com. The free beta download and full documentation are available at http://www.l0pht.com/antisniff/.

About L0pht Heavy Industries

L0pht Heavy Industries is a world renowned computer security think tank. Founded in 1992 as a computer research facility, the L0pht has grown into a leader in the field of computer security software. The L0pht's products include L0phtCrack, the industry standard NT password auditing tool. As a result of their innovative security research, the L0pht has released dozens of computer security advisories to the Internet community, warning of dangerous vulnerabilities in today's most widely used software. Many at the L0pht are considered top experts in the computer security field and have appeared on numerous network news programs and documentaries, as well as having testified about government computer security for the U.S. Senate. Visit the L0pht's web site at http://www.l0pht.com.