The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Network Chemistry RogueScanner

Posted by Xavier Ashe on July 17, 2006

Wireless security firm Network Chemistry recently released a cross-platform, free software security tool called RogueScanner in conjunction with its wireless network protection package RFprotect. RogueScanner, licensed under the GPL and the latest of three free software security modules available from Network Chemistry, allows you to monitor your network for rogue wireless devices. Release 1.0 comes in both Windows and Linux versions.

RogueScanner works using collaborative classification. Classification decisions are made by a central server which learns based on previous classifications it has performed. This means that classification accuracy will improve over time.

If RogueScanner doesn't classify your devices accurately the first time you run it, don't despair. Run it again in a few days and you should see more accurate results.

RogueScanner collects information from devices on your network (which we call evidence) and uses this evidence to make classification decisions. The evidence collected includes:

  • The IP address and MAC address.
  • What TCP and UDP ports are open.
  • How the device responds to common network requests like serving a web page, telnet or SNMP.
  • The DNS or NetBIOS name used by the device.

This information is sent to the classification server over an SSL encrypted link. No identifying information is stored by the server. For example, it doesn't store the request IP address together with the evidence.
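To make the idea concrete, here is a small sketch of collaborative classification added for illustration; it is not RogueScanner's code or its actual algorithm. The `ClassificationServer` class, the Jaccard similarity matching, the 0.5 threshold, the choice of features and all sample devices are assumptions made up for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Evidence:
    """One device's evidence, mirroring the four items listed in the post."""
    ip: str
    mac: str
    open_ports: frozenset
    responses: frozenset  # how it answered HTTP / telnet / SNMP probes
    name: str             # DNS or NetBIOS name

def features(ev):
    # Assumption: match on MAC vendor prefix, ports and probe responses.
    # The IP and host name are site-specific, so they are left out.
    feats = {"oui:" + ev.mac.lower()[:8]}
    feats |= {f"port:{p}" for p in ev.open_ports}
    feats |= {"resp:" + r for r in ev.responses}
    return frozenset(feats)

class ClassificationServer:
    """Hypothetical central server: learns from earlier classifications."""
    def __init__(self, threshold=0.5):
        self.known = []  # (feature set, label); no request IP is kept
        self.threshold = threshold

    def learn(self, request_ip, ev, label):
        # request_ip is deliberately not stored with the evidence
        self.known.append((features(ev), label))

    def classify(self, request_ip, ev):
        f, best_label, best = features(ev), "unknown", 0.0
        for kf, label in self.known:
            score = len(f & kf) / len(f | kf)  # Jaccard similarity
            if score > best:
                best_label, best = label, score
        return best_label if best >= self.threshold else "unknown"

# Constructed sample evidence (not real devices)
AP_SITE_A = Evidence("10.0.0.5", "00:00:5E:00:53:01", frozenset({23, 80, 161}),
    frozenset({"http:Wireless Router login", "telnet:login:", "snmp:public ok"}), "wap-a")
AP_SITE_B = Evidence("192.168.1.9", "00:00:5E:00:53:7F", frozenset({23, 80}),
    frozenset({"http:Wireless Router login", "telnet:login:"}), "lobby-ap")
PRINTER = Evidence("192.168.1.20", "02:00:00:00:00:01", frozenset({80, 9100}),
    frozenset({"http:Printer status"}), "prn-2")

def demo():
    server = ClassificationServer()
    first = server.classify("198.51.100.7", AP_SITE_B)   # nothing learned yet
    server.learn("203.0.113.4", AP_SITE_A, "wireless access point")
    later = server.classify("198.51.100.7", AP_SITE_B)   # similar device now known
    return first, later, server.classify("198.51.100.7", PRINTER)
```

The first scan of the access point comes back unknown; once a similar device from another site has been classified, the same evidence is recognized, which is why running the tool again a few days later can give better results.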
