How to detect serial port sniffer?
Is it possible to detect if some serial port is being sniffed by another process running on Wind开发者_如何学JAVAows?
We have an application that receives some sensitive data that cannot be read by other people. So, before opening the serial port, we need to check if the port is being monitored.
We can use the CreateFile
Windows API function to open the serial port with exclusive access rights, but if the monitor runs before our call, it can read all the communication (it opens the serial port with shared access rights, so we can open the port at the same time). To avoid this, the attempt is to check if the port is being monitored and raise an exception, warning the user. Is it possible to do this?
Port sniffing requires a filter driver, like SysInternals' PortMon utility. You are taking the wrong kind of approach to secure your application. When somebody can install a filter driver, the attacker has more than enough privileges to completely disable your app and replace it with something else of his own making. Trying to detect and prevent information loss through your app is pointless, the system itself has to be secured. A serial port is probably the first thing you'll have to lose, it is trivial to tap its wires.
Rather than lose the serial port why not encrypt your data. This assumes that both the DTE and DCE are programmable.
精彩评论