For Immediate Release
L0pht Heavy Industries Releases Its Revolutionary
New AntiSniff Network Security Software
Boston, MA - August 30, 1999 - L0pht Heavy Industries, a world-renowned
computer security think tank, today announced the release of
its groundbreaking AntiSniff network security software. AntiSniff can
detect attackers surreptitiously monitoring a computer network.
"AntiSniff is a whole new breed of network security tool, designed to
detect the attack patterns used in compromising a computer network,
instead of merely being reactive to already known vulnerabilities,"
said Dr. Mudge, Chief Scientist at L0pht Heavy Industries.
AntiSniff, which operates on both Windows NT and UNIX operating systems,
will detect remote computers that are packet sniffing, that is,
monitoring all network communications.
Network communication can be likened to a large group of people standing
together in a room and talking. When people talk to each other, others
nearby have the ability to listen in. When computers communicate over
networks, they normally only listen to communications destined to
themselves. However, they also have the ability to enter promiscuous
mode, which allows them to listen to communications that are destined to
other computers.
When an attacker successfully compromises a computer, they install what
is known as a packet sniffer, a tool that puts the computer into
promiscuous mode. This allows them to monitor and record all network
communications. The private information they gather, such as account
names, passwords, credit cards, and even e-mail, is then used to
compromise other computers. This is how, from one weak computer in a
computer network, many computers, and the information they contain, can
be compromised. Until now, it has been impossible for network
administrators to remotely detect if computers were listening in on all
network communications.
L0pht Heavy Industries' AntiSniff stops all this, by giving network
administrators and information security professionals the ability to
remotely detect computers that are packet sniffing, regardless of the
operating system. Dr. Mudge explains, "AntiSniff works by running a
number of non-intrusive tests, in a variety of fashions, which can
determine whether or not a remote computer is listening in on all
network communications. Now it is impossible for an attacker who is
sniffing to hide."
Mark Loveless, the project manager for Enterprise Security at
Burlington Northern Santa Fe Railway, had this to say, "We have been
using AntiSniff during the beta period, and have found it to perform
perfectly. It found every promiscuous device we had on each network
segment we tested it on. We use a number of different devices
to monitor our network -- AntiSniff gives us the ability to monitor
who is doing the monitoring. When it comes to helping detect malicious
behavior on the network, AntiSniff has definitely raised the bar."
Current network security tools, such as network scanners, work by
probing machines for software that contains bugs or software that's
misconfigured. Intrusion Detection Systems (IDS) work by finding
malicious signatures in network traffic. AntiSniff, on the other hand,
is the first of its kind. It remotely detects the passive act of
eavesdropping on network communications. Machines that have been
compromised by publicly unknown vulnerabilities will be detected. It
will even detect packet sniffers installed by a rogue insider who may
have legitimate administrative access to a machine, but should not be
monitoring all network traffic.
AntiSniff is currently available for Windows NT, complete with a
fully featured graphical interface, report generating tools, and alarm
system. It is designed to quickly scan a network or to scan
continuously, triggering alarms when a "packet sniffing" machine is
detected. The product is priced at $350 per licensed machine. Site
licenses and maintenance support are available.
To further the research of the security community as a whole, as they
have in previous products, L0pht will be releasing AntiSniff as a UNIX
command line tool, complete with full source code. The UNIX version will
be free for non-commercial use.
For more information please contact AntiSniff@l0pht.com. A 14-day fully
functional trial version and full documentation are available for download
at http://www.l0pht.com/antisniff/.
About L0pht Heavy Industries
L0pht Heavy Industries is a world-renowned computer security think tank.
Founded in 1992 as a computer research facility, the L0pht has grown
into a leader in the field of computer security software. The L0pht's
products include L0phtCrack, the industry standard NT password strength
auditing tool. As a result of their innovative security research, the
L0pht has released dozens of computer security advisories to the
Internet community, warning of dangerous vulnerabilities in today's most
widely used software. Many at the L0pht are considered top experts in
the computer security field and have appeared on numerous network news
programs and documentaries, as well as having testified about government
computer security for the U.S. Senate. Visit the L0pht's web site at
http://www.l0pht.com.
All trademarks and registered trademarks are the property of their
respective holders.