SniffJoke—a client-only layer of protection from the wiretap/sniff/IDS analysis, transparent TCP connection scrambler

https://web.archive.org/web/20120818115441/http://www.delirandom.net/sniffjoke/

What’s SniffJoke?

An internet client running SniffJoke injects into the transmission flow packets that seriously disturb passive analysis such as sniffing, interception and low-level information theft. No server support is needed!

Why is this possible?

The internet protocols were developed to allow two endpoints to communicate, not to allow third parties to intercept their communication. Interception will happen, but the communication system was not developed with that objective.
SniffJoke uses the network protocol in a permitted way, exploiting the implicit differences between the network stack of an operating system and a sniffer's dissector.

Main concept of SniffJoke

This project aims to exploit the unreliability of passive protocol reassembly: because the network data alone is not enough to ensure a correct reassembly, a legitimate use of the network protocol will strongly disrupt the existing software.

A third party runs into “ambiguity” when reading packets passively: it can never be 100% sure whether a packet will be accepted or rejected by the peers being monitored. Using and abusing this unreliability leads to an incorrect reconstruction of the transmission.
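From the monitoring side, the ambiguity described above can at least be surfaced instead of silently resolved. The following is an added example, not SniffJoke code: a passive reassembler that records where observed segments disagree. It assumes the ambiguity appears as two segments carrying different bytes for the same sequence range (the page does not list SniffJoke's specific techniques), and the sample segments are constructed.

```python
from typing import Dict, List, Tuple

Segment = Tuple[int, bytes]   # (relative TCP sequence number, payload)
Range = Tuple[int, int]       # half-open [start, end) stream offsets


def reassemble(segments: List[Segment]) -> Tuple[bytes, List[Range]]:
    """First-copy-wins reassembly that also reports conflicting ranges.

    A passive monitor cannot know which copy the real endpoint accepted,
    so every offset where two segments disagree is recorded as ambiguous.
    """
    seen: Dict[int, int] = {}   # stream offset -> first byte value observed
    conflicted = set()
    for seq, payload in segments:
        for i, value in enumerate(payload):
            offset = seq + i
            if offset not in seen:
                seen[offset] = value
            elif seen[offset] != value:
                conflicted.add(offset)   # same offset, different content

    # Rebuild the contiguous stream starting at offset 0.
    stream = bytearray()
    offset = 0
    while offset in seen:
        stream.append(seen[offset])
        offset += 1

    # Merge adjacent conflicting offsets into ranges for reporting.
    conflicts: List[Range] = []
    for offset in sorted(conflicted):
        if conflicts and conflicts[-1][1] == offset:
            conflicts[-1] = (conflicts[-1][0], offset + 1)
        else:
            conflicts.append((offset, offset + 1))
    return bytes(stream), conflicts


def verdict(segments: List[Segment]) -> str:
    """Label a flow so downstream analysis knows not to trust the rebuild."""
    return "ambiguous" if reassemble(segments)[1] else "consistent"


# Constructed sample flows (not captured traffic).
CLEAN = [(0, b"GET /index"), (10, b".html HTTP/1.1\r\n")]
AMBIGUOUS = [(0, b"GET /index"), (10, b".XXXX"), (10, b".html HTTP/1.1\r\n")]
```

A flow marked "ambiguous" should have both candidate reconstructions kept for analysis, since the monitor's first-copy choice may differ from what the monitored peer accepted.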

Goal of SniffJoke

To be a modular framework for easy development and use of technology able to disrupt passive protocol reassembly at every layer. Release 0.4 only brings attacks at the IP and TCP/UDP layers; in the next release we plan an escalation.

Exploiting the swiftness of the network media, the differences in every ISP's configuration and (not yet implemented) the differences between operating system TCP/IP stacks, SniffJoke leaves sniffers with a difficult choice: drop every packet that has something weird about it, in order to keep up with growing bandwidth and demanding hardware requirements, or improve the analysis, spending CPU and time and implicitly increasing the cost per megabit. This will demotivate massive sniffing by evil entities.