IDS mailing list archives

RogueScanner 2.5 Released - Open Source Device Classification


From: "Waters, Chris" <cwaters () networkchemistry com>
Date: Mon, 30 Apr 2007 13:33:54 -0400

Hi,

I am pleased to announce the release of RogueScanner 2.5. RogueScanner
is a network security tool for automatically discovering rogue wireless
access points by scanning a wired network. It can also find and classify
all other network connected devices like printers, routers, Web cameras,
and PCs.

If you are curious about how RogueScanner works, I will be giving a free
webinar on how RogueScanner finds and classifies devices and why it
works better than previous device classification techniques. The webinar
will take place on Wednesday June 9th at 2PM EDT. You can register to
attend and find more information here
http://www.iian.ibeam.com/events/netw001/22286/.

RogueScanner is released under the GPL, and source and Windows binary
versions can be downloaded from
http://roguescanner.networkchemistry.net/ or SourceForge.

This release adds a number of new scanning features, in particular CDP
support. The complete list of changes is:
  + Added support for parsing routes under from IOS CLI.
  + Added support for dumping Cisco device CDP cache via both SNMP and
    CLI (IOS and CatOS).
  + Added support for sniffing CDP broadcasts off the wire.
  + CDP information is now submitted to the classification server and
    used for classification.
  + Added FTP (21/TCP) to ports that are probed if open.
  + Duplicate subnet ARP scans are prevented from running concurrently.
  + Service probes are prevented from taking longer than 30 seconds.
  + Addresses at the beginning and ending of a range are skipped in
    ping scans if their last octets end in 0 or 255 respectively.
  + If an IP/netmask is specified in the configuration file, but the
    selected adapter isn't configured with that IP/netmask, then
    fallback to using that adapter for scanning with whatever
    IP/netmask it is configured with.
  + Fixed issue where the minimum length being used for a TCP datagram
    in a bounds-check was too low.
  + Fixed a similar issue when dealing with ICMP port unreachable
    datagrams.
        
Regards,

Chris Waters
CTO, PhD
Network Chemistry, Inc
chris.waters () networkchemistry com
www.networkchemistry.com
www.wve.org

