Anti-Sniff software inadequate - BugTraq

Anti-probing software released by hacking group L0pht Industries on Friday has been attacked as inadequate by contributors to the well-respected security forum BugTraq at SecurityFocus.com

One security expert from the Electronic Computer Science Department at Southampton University criticises the program "Anti-Sniff" for only detecting behaviour associated with sniffing, rather than sniffing itself. He says "If Anti-Sniff becomes popular, I'd estimate only a few months grace before Black Hats [hackers/crackers] have made a reduced-functionality sniffer which slips under Anti-Sniff's radar. I don't have any use for such a tool, but if I did I doubt I'd need more than a week or two to get it right."

Another source who requested anonymity agrees that the program has various shortcomings, but claims it is adequate. "Anti-sniff will detect most cases of sniffing attacks," the source says. "And it is the first integrated graphical tool to do it so well, and as such it is really a 'must have' tool."

Anti-Sniff was released in Beta format on Friday but L0pht says a full version of the product will soon be available at an undecided price for Windows and free for Unix.

The current trend for hackers to produce their own security software was pioneered by the virus writing group Cult of the Dead Cow which released its own "remote system administrative tool" Back Orifice 2000, earlier this month.

Take me to Hackers