IDS mailing list archives
RogueScanner 2.5 Released - Open Source Device Classification
From: "Waters, Chris" <cwaters () networkchemistry com>
Date: Mon, 30 Apr 2007 13:33:54 -0400
Hi, I am pleased to announce the release of RogueScanner 2.5. RogueScanner is a network security tool for automatically discovering rogue wireless access points by scanning a wired network. It can also find and classify all other network connected devices like printers, routers, Web cameras, and PCs. If you are curious about how RogueScanner works, I will be giving a free webinar on how RogueScanner finds and classifies devices and why it works better than previous device classification techniques. The webinar will take place on Wednesday June 9th at 2PM EDT. You can register to attend and find more information here http://www.iian.ibeam.com/events/netw001/22286/. RogueScanner is released under the GPL and source and windows binary versions can be downloaded from http://roguescanner.networkchemistry.net/ or Sourceforge. This release adds a number of new scanning features, in particular CDP support. The complete list of changes is: + Added support for parsing routes under from IOS CLI. + Added support for dumping Cisco device CDP cache via both SNMP and CLI (IOS and CatOS). + Added support for sniffing CDP broadcasts off the wire. + CDP information is now submitted to the classification server and used for classification. + Added FTP (21/TCP) to ports that are probed if open. + Duplicate subnet ARP scans are prevented from running concurrently. + Service probes are prevented from taking longer than 30 seconds. + Addresses at the beginning and ending of a range are skipped in ping scans if their last octets end in 0 or 255 respectively. + If an IP/netmask is specified in the configuration file, but the selected adapter isn't configured with that IP/netmask, then fallback to using that adapter for scanning with whatever IP/netmask it is configured with. + Fixed issue where the minimum length being used for a TCP datagram in a bounds-check was too low. + Fixed a similar issue when dealing with ICMP port unreachable datagrams. Regards, Chris Waters CTO, PhD Network Chemistry, Inc chris.waters () networkchemistry com www.networkchemistry.com www.wve.org ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- RogueScanner 2.5 Released - Open Source Device Classification Waters, Chris (May 01)