L0pht AntiSniff DNS test detected
| antisniff-dnstest (4661) |  Medium Risk |
Description:
The L0pht AntiSniff program is performing a DNS test to scan your network for systems in promiscuous (sniffing) mode.
The AntiSniff program developed by L0pht Heavy Industries determines if a device is listening to traffic on the local network. An attacker could use L0pht AntiSniff to gain information about a network that could be useful in an attack. AntiSniff can detect if an IDS (Intrusion Detection System) is being used on the network, prompting an attacker to use IDS evasion techniques. An attacker could also use L0pht AntiSniff to locate a compromised system that has been placed in promiscuous (sniffing) mode that could be used by the attacker.
Consequences:
Obtain Information
Remedy:
This occurrence may identify a local attacker on your network, because the AntiSniff DNS test can only be performed on a local LAN, not across the Internet. Determine which computer is using L0pht AntiSniff, and determine if it is in compliance with your system policies.
References:
- @stake, Inc./L0pht Heavy Industries, Inc. Web site: AntiSniff Download.
Platforms Affected:
- Various vendors Any application
Reported:
Not available
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net