SniffJoke
Abstract
SniffJoke is a framework able to defeat passive sniffing on networks.
Evasion and anti-sniffing techniques have been known since 1998, but an
implementation able to work transparently on a gateway or a client was
lacking until SniffJoke.
The main technical difficulty is making userspace software able to
delay, mangle and filter the packets sent by the kernel. Some research
exists in the underground, but none of it is stable or portable.
Sj is a module-based framework, and community support in developing
anti-sniffer plugins will be a nice achievement in the fight against
data retention, besides being a new IT-security challenge.
It acts only on the client side and detects which techniques can be
(ab)used in your network environment, and the receiver will not show
any kind of malfunction. Every open source sniffer, packet decoder, flow
analyzer, etc. has proved unable to correctly reassemble SniffJoke
traffic.
It is not a security-by-obscurity technology, and thus sniffers cannot
"be simply patched". One of the project's mottos is: "transform
multigigabit sniffer into multikilobit".
Development was started in 2007 by vecna; in 2010 evilaliv3 joined the
project, and as two developers we have almost stabilized the 0.4
release. This month it has been added to the BackTrack 5 distribution
and will soon be released.
Speaker
vecna of s0ftpj