[14484] in bugtraq
The Sentinel Project
daemon@ATHENA.MIT.EDU (Marshall)
Thu Apr 6 19:09:32 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <38ED088A.81D075DE@cts.com>
Date: Thu, 6 Apr 2000 14:58:34 -0700
Reply-To: Marshall <bind@CTS.COM>
From: Marshall <bind@CTS.COM>
X-To: "BUGTRAQ@SECURITYFOCUS.COM" <BUGTRAQ@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Hello,
Sentinel, a new utility for use of remote promiscuous detection, has
been released. The Sentinel project is designed to be a portable
accurate implementation of all publicly known remote promiscuous
detection
techniques. Sentinel currently supports 3 methods of detection: DNS
tests, ARP tests, and ICMP Etherping tests. ICMP Ping latency tests are
still under development.
Sentinel was was developed under OpenBSD 2.6 and the majority of
testing targeted a Linux 2.2.14 machine in promiscuous mode. During the
development of Sentinel, I discovered that etherping testing which was
known only to work against older linux kernels still does work in the
2.2.x kernels.
Differences between Antisniff & Sentinel in the same environment:
* DNS Testing: Sentinel was successful in detecting the machine
running a sniffer, Antisniff was not.
* Etherping Testing: Sentinel was successful in detecting the 2.2.14
machine in promiscuous mode and by
default, Antisniff was not.
* Antisniff supports ping latency tests, which Sentinel currently does
not. Although, Antisniff's ping
latency test was unable to detect a machine in promiscuous mode.
Sentinel Homepage: http://www.packetfactory.net/Projects/sentinel
-bind
