Boston, MA - August 30, 1999 - L0pht Heavy Industries, a world renowned computer security think tank, today announced the release of its groundbreaking AntiSniff network security software. AntiSniff can detect attackers surreptitiously monitoring a computer network.

"AntiSniff is a whole new breed of network security tool, designed to detect the attack patterns used in compromising a computer network, instead of merely being reactive to already known vulnerabilities.", said Dr. Mudge, Chief Scientist at L0pht Heavy Industries.

AntiSniff, which operates on both Windows NT and UNIX operating systems, will detect remote computers that are packet sniffing, that is, monitoring all network communications.

Network communication can be likened to large group of people standing together in a room and talking. When people talk to each other, others nearby have the ability to listen in. When computers communicate over networks, they normally only listen to communications destined to themselves. However, they also have the ability to enter promiscuous mode, which allows them to listen to communications that are destined to other computers.

When an attacker successfully compromises a computer, they install what is known as a packet sniffer, a tool that puts the computer into promiscuous mode. This allows them to monitor and record all network communications. The private information they gather, such as account names, passwords, credit cards, and even e-mail, is then used to compromise other computers. This is how, from one weak computer in a computer network, many computers, and the information they contain can be compromised. Until now, it has been impossible for network administrators to remotely detect if computers were listening in on all network communications.

L0pht Heavy Industries' AntiSniff stops all this, by giving network administrators and information security professionals the ability to remotely detect computers that are packet sniffing, regardless of the operating system. Dr. Mudge explains, "AntiSniff works by running a number of non intrusive tests, in a variety of fashions, which can determine whether or not a remote computer is listening in on all network communications. Now it is impossible for an attacker who is sniffing to hide."

Mark Loveless, the project manager for Enterprise Security at Burlington Northern Santa Fe Railway had this to say, "We have been using AntiSniff during the beta period, and have found it to perform perfectly. It found every promiscuous device we had on each network segment we tested it on. We use a number of different devices to monitor our network -- AntiSniff gives us the ability to monitor who is doing the monitoring. When it comes to helping detect malicious behavior on the network, AntiSniff has definitely raised the bar."

Current network security tools, such as network scanners, work by probing machines for software that contains bugs or software that's misconfigured. Intrusion Detection Systems (IDS), work by finding malicious signatures in network traffic. AntiSniff, on the other hand, is the first of it's kind. It remotely detects the passive act of eavesdropping on network communications. Machines that have been compromised by publically unknown vulnerabilies will be detected. It will even detect packet sniffers installed by a rogue insider who may have legitimate administrative access to a machine, but should not be monitoring all network traffic.

AntiSniff is currently available for Windows NT, complete with a fully featured graphical interface, report generating tools, and alarm system. It is designed to quickly scan a network or to scan continuously, triggering alarms when a "packet sniffing" machine is detected. The product is priced at $350 per licensed machine. Site licenses and maintenance support are available.

To further the research of the security community as a whole, as they have in previous products, L0pht will be releasing AntiSniff as a UNIX command line tool, complete with full source code. The UNIX version will be free for non-commercial use.

For more information please contact AntiSniff@l0pht.com. A 14 day fully functional trial version and full documentation are available for download at http://www.l0pht.com/antisniff/.

About L0pht Heavy Industries

L0pht Heavy Industries is a world renowned computer security think tank. Founded in 1992 as a computer research facility, the L0pht has grown into a leader in the field of computer security software. The L0pht's products include L0phtCrack, the industry standard NT password strength auditing tool. As a result of their innovative security research, the L0pht has released dozens of computer security advisories to the Internet community, warning of dangerous vulnerabilities in today's most widely used software. Many at the L0pht are considered top experts in the computer security field and have appeared on numerous network news programs and documentaries, as well as having testified about government computer security for the U.S. Senate. Visit the L0pht's web site at http://www.l0pht.com.