|
RogueScanner project is an open-source vulnerability management tool that is used to gain greater network visibility to enable you to quickly identify and remove rogue wireless devices that may provide a back door to access your critical data and infrastructure. Considering that rogue access points and peers represent a major threat to data integrity, RogueScanner is a valuable tool that you can start using today at no cost. More than 300 companies manufacture access points, and there are more than 10,000 different models of network infrastructure. Companies thus face a major challenge in maintaining a system to track and identify all potential rogue wireless devices and in continually scanning the network to identify them. To address this challenge, Network Chemistry has made an open-source product available to help organizations begin to immediately scan their networks. RogueScanner is available for use at no charge by organizations looking for a tool focused on device identification and rogue detection. RogueScanner leverages the Collaborative Device Classification system to automatically lookup and identify the device type and its identity in real time. Whats New in This Release: + Reserved VLANs (1000 < VLAN < 1025) on Cisco devices are not queried. + Capture packets to trace.pcap and perform a hexdump of them in the log file if DEBUG_PACKET is set (debug=0x01 or better). + Promiscuous mode testing is disabled unless ENABLE_SCAN_PROMISC is defined. + The switch/network scanning interval was bumped up to 24 hours. + Attribute data in the EvidenceMap wasnt being printed out correctly (always showed up as "true") when issuing "device detail" commands in the CLI. + Ignore MACs in the bridge table that arent "learned" when querying switches. + *TAnalysisManager::LookupOrCreateDevice() will now refuse to create devices outside "home_net" ranges, thus the IPs wont be scanned even if they are passively observed on the local network. + Ignore our MAC address if a switch reports it to us. + Log timestamps are now in GMT. + Prevent duplicates in the "udp_ports" evidence by using AddEvidence() instead of inserting into the EvidenceMap directly. + Manually invoke Rubys garbage collector after scanning a switch/router. + Added "packet queue size" CLI command to show how many packets are in the AnalysisManagers packet queue. + If a device fails to be classified the classification will be retried automatically in one minute. + All communication with the classification server is performed in a separate thread. + Keep ARP scanning from starving other threads for CPU time by introducing a delay in addition to any that is added by bandwidth throttling. + Replaced internal ARP and routing table on WIN32 systems with functions from the IPHelper API. + Added "device list size" command to show how many devices have been found. + Add read community strings from configured infrastructure devices to the list of strings used when probing unknown devices. + Discard deferred scans if another scan of the same type is already deferred for a device. + Added reporting of DHCP data. + If no scans are pending against a device, but a new port is found open then submit the devices evidence. + Devices are re-scanned whenever a re-occuring ARP/Ping scan is launched. + Added "deferred list" CLI command to show scans that have been deferred. + Added "sniffer status" CLI command to report the number of packets that have been received and dropped. + If we discover the IP of a device that we only knew about the MAC address for, then issue scans against it. + If we see the MAC address associated with an IP change, then re-scan it since its likely to be a different device..
| Requirements: |
No special requirements
|
| Platforms: |
Linux |
| Keyword: |
Added, Arp, Cli, Device, Devices, Mac, Network, Networking, Open-source, Rogue, Roguescanner, System, Vulnerability Management |
| Users rating: |
0/10 |
|
Windows Software
Albina Merfyn - I find this to be really easy to use. I can...
