Wireless security firm Network Chemistry recently released a cross-platform, free software security tool called RogueScanner in conjunction with its wireless network protection package RFprotect. RogueScanner, licensed under the GPL and the latest of three free software security modules available from Network Chemistry, allows you to monitor your network for rogue wireless devices. Release 1.0 comes in both Windows and Linux versions.
RogueScanner works using collaborative classification.
Classification decisions are made by a central server which learns
based on previous classifications it has performed. This means that classification accuracy will improve over time.
If RogueScanner doesn't classify your devices accurately the first time you run it, don't despair. Run it again in a few days and you should see more accurate results.
collects information from devices on your network (which we call
evidence) and uses this evidence to make classification decisions. The
evidence collected includes:
- The IP address and MAC address.
- What TCP and UDP ports are open.
- How the device responds to common network requests like a serving a web-page, telnet or SNMP.
- The DNS or Netbios name used by the device.
This information is sent to the classification server over an SSL encrypted link. No identifying information is stored by the server. For example, it doesn't store the request IP address together with the evidence.