=====================================================================================
CHANGELOG
=====================================================================================

* 2.6.0.0 - 6/27/2008
  + Changed branding from Network Chemistry to Paglo Labs.
  + Added gsoapWinInet plugin for WIN32 GUI. Proxy settings are taken from the system-wide settings on Windows.

* 2.5.0.0 - 4/27/2007
  + Added support for parsing routes under from IOS CLI.
  + Added support for dumping Cisco device CDP cache via both SNMP and CLI (IOS and CatOS).
  + Added support for sniffing CDP broadcasts off the wire.
  + CDP information is now submitted to the classification server and used for classification.
  + Added FTP (21/TCP) to ports that are probed if open.
  + Duplicate subnet ARP scans are prevented from running concurrently.
  + Service probes are prevented from taking longer than 30 seconds.
  + Addresses at the beginning and ending of a range are skipped in ping scans if their last octets end in 0 or 255 respectively.
  + If an IP/netmask is specified in the configuration file, but the selected adapter isn't configured with that IP/netmask, then fall back to using that adapter for scanning with whatever IP/netmask it is configured with.
  + Fixed issue where the minimum length being used for a TCP datagram in a bounds-check was too low.
  + Fixed a similar issue when dealing with ICMP port unreachable datagrams.

* 2.2.0.0 - 3/15/2007
  + Reserved VLANs (1000 < VLAN < 1025) on Cisco devices are not queried.
  + Capture packets to trace.pcap and perform a hexdump of them in the log file if DEBUG_PACKET is set (debug=0x01 or better).
  + Promiscuous mode testing is disabled unless ENABLE_SCAN_PROMISC is defined.
  + The switch/network scanning interval was bumped up to 24 hours.
  + Attribute data in the EvidenceMap wasn't being printed out correctly (always showed up as "true") when issuing "device detail" commands in the CLI.
  + Ignore MACs in the bridge table that aren't "learned" when querying switches.
  + *TAnalysisManager::LookupOrCreateDevice() will now refuse to create devices outside "home_net" ranges, thus the IPs won't be scanned even if they are passively observed on the local network.
  + Ignore our MAC address if a switch reports it to us.
  + Log timestamps are now in GMT.
  + Prevent duplicates in the "udp_ports" evidence by using AddEvidence() instead of inserting into the EvidenceMap directly.
  + Manually invoke Ruby's garbage collector after scanning a switch/router.
  + Added "packet queue size" CLI command to show how many packets are in the AnalysisManager's packet queue.
  + If a device fails to be classified the classification will be retried automatically in one minute.
  + All communication with the classification server is performed in a separate thread.
  + Keep ARP scanning from starving other threads for CPU time by introducing a delay in addition to any that is added by bandwidth throttling.
  + Replaced internal ARP and routing table on WIN32 systems with functions from the IPHelper API.
  + Added "device list size" command to show how many devices have been found.
  + Add read community strings from configured infrastructure devices to the list of strings used when probing unknown devices.
  + Discard deferred scans if another scan of the same type is already deferred for a device.
  + Added reporting of DHCP data.
  + If no scans are pending against a device, but a new port is found open then submit the device's evidence.
  + Devices are re-scanned whenever a recurring ARP/Ping scan is launched.
  + Added "deferred list" CLI command to show scans that have been deferred.
  + Added "sniffer status" CLI command to report the number of packets that have been received and dropped.
  + If we discover the IP of a device that we only knew about the MAC address for, then issue scans against it.
  + If we see the MAC address associated with an IP change, then re-scan it since it's likely to be a different device.

* 1.2.1.0 - 10/17/06
  + Promiscuous mode scans are prevented from using an IP corresponding to the sniffer interface.
  + Promiscuous mode scans are aborted if a suitable IP cannot be found after 255 tries.
  + Fixed device lookup for promiscuous mode scans on WIN32 systems.

* 1.2.0.0 - 9/29/06
  + Promiscuous mode scans are less disruptive. A random IP isn't picked until after an ARP scan of the local network has completed and steps are taken to ensure that the IP chosen isn't in use.
  + Fixed bug where telnet scans were discarding the first character of the banner.
  + "proxy_host" config option now takes a hostname or IP address.

* 1.1.0.0 - 7/17/06
  + Fixed parsing of the conf file so that the last line is correctly processed.
  + Added "bw_limit" config file option -- allows average outgoing bandwidth to be limited to x Kbps.
  + Added "ignore_hosts" config file option -- a comma separated list of IPs, MACs, or hostnames to ignore when scanning. These devices will be classified solely by MAC address.
  + Removed --with-gsoap-utils configure option and added --with-wsdl2h-path and --with-soapcpp2-path options to allow their locations to be specified independent of each other.
  + Promiscuous mode test frames sent by other instances of RogueScanner on the same physical subnet are ignored.
  + The "iface_address" config option is checked to make sure that the address belongs to the selected interface.
  + Devices harvested from switch tables that only contain MAC addresses are now solely classified by MAC address.
  + Added support for connecting to the classification server via an HTTP proxy.
  + Added support for HTTP proxies that require authentication.

* 1.0.0.0 - 5/21/06
  + Initial release