[beardednose]

From an email I received (see my comments after the blurb):

eEye Launches Free Retina WiFi Scanner to Address the Growing Business Concern of Wireless Network Security

eEye� announced today the availability of Retina� WiFi, a free network scanning utility that detects the presence of wireless devices located within the network or connected wirelessly to the network. This tool will detect rogue mobile devices and transmitting laptops, and with its advanced reporting capabilities, provide the means for businesses to assess their wireless security posture.

For security and IT professionals who are responsible for securing their corporate computing environment and are concerned about wireless access within their environment, the Retina WiFi Scanner is a wireless device scanning tool that provides a real-time view of their network�s wireless security posture.

Retina WiFi Scanner enables you to:

- Detect and locate Wireless Access Points � including rogue devices and misconfigured laptops � attached to your network
- Know who is accessing your network via the wireless devices attached to it.
- Perform mobile scans across your entire premises using Retina WiFi on a Pocket PC.
- Generate detailed reports on the status of your wireless security and, when deployed in a REM environment, roll up the data to a centralized security management console (Windows version only)
- Strengthen and secure your wireless network performance


Integrated Reporting With REM Security Management Console

Retina WiFi assesses networks for the location of wireless devices and summarizes the results in a wireless security status report. Reporting metrics may be aggregated within the REM Security Management Console as part of an overall vulnerability management solution. As a result, Retina WiFi allows organizations to detect and locate Wireless Access Points, including rogue devices and misconfigured laptops, attached to enterprise networks.

BN's COMMENTS:

- Get the tool at hxxp://www.eeye.com/html/resources/downloads/wifi/index.html
Since I registered with my corporate address (see next item), I didn't attach the tool or the links, as I don't know if they "trace" the tools or anything. Paranoid, I know. Someone else get it and upload it...

- Getting the tool requires a corporate email address. Not sure whether they verify this. Somebody try it with yahoo, msn, and lesser known addresses and report back.
- When you register, you can download their other free tools also.
- The GUI is a little non-intuitive IMHO and the whole thing seems a little quirky: 1) my cisco 350 a/b card worked fine, but my cisco 350 a/b/g worked a little and then the app would freak. 2) It didn't detect some of my cisco APs, but perhaps I passed them too fast and it was scanning other channels--but kismet and stumbler don't do that.
- The reports are very nice.
- You can put in the MACs of your trusted devices and it will alert you to any devices not on your list.
- You can only generate a report after you stop scanning. I don't like that, but it's workable. You can then continue scanning and add to the report.
- It has a wep key crack feature, but you have to load the "keys" in yourself.
- MAKE SURE YOU READ THE license info. The SW may have disablers and report back to an Eeye server, etc.

Check it out and let me know what you think!

Attached File(s)

•  Eeye.jpg (859bytes)
  Number of downloads: 417

[andydis]

hey BN ,


i got this in an email too, havnt time today to installl and test , so was thinking about doing it at the weekend, eeye certainly are on the ball so wudnt be surprised if they have report back features :-)

[belgther]

as far as i know, retina had a wireless scanner like netstumbler since version 5, even in a trial version, this scanner had also a simple WEP bruteforcer, and it even worked in my wlan card... Is it meant there?

[wd_stroke]

tried with yahoo, msn, gmail and dodgeit...wouldn't go through. I put in my military email and got the link.

here's the link. Don't know how long it will last.

http://www.eeye.com/html/Research/Tools/exe/RetinaWiFi.exe

[exobot]

Pookmail works, try that - just got the mail now.

hxxp://www.pookmail.com

[belgther]

I personally didn't like it, i would prefer netstumbler because it has no difference except a wep bruteforcer, and it can be got effortlessly... And I personally find WEP bruting senseless, since WEP can be cracked easily, and there are lots of documents about it...

[inko.gnito]

for those you want to try out the Pocket PC version:

hxxp://www.eeye.com/html/Research/Tools/exe/RetinaWiFiPoc.exe

[myth]

Netstumbler never worked with my HP IPAQ Pocket PC

well, atleast the version of NS i tried

using WiFiFoFum atm, but will give Retina a try, see if its any better, but i think the basics are all i need for my pda as nix is alot more powerful for when vulnerable servers a found

the trusted MAC addys looks useful though

[beardednose]

Quote

I personally didn't like it, i would prefer netstumbler because it has no difference except a wep bruteforcer,

I have to agree with that. However, it does have nice reports and the ability to put in MACs that are authorized so that you only detect those that aren't.

[exobot]

WiFiFoFum is pretty neat, however the positioning system is always off on mine - it's roughly the right distance, just rotated rounda bit :/ .

On topic, it's not that bad - however it has a really annoying cosmetic bug where in the list on AP's it finds, on 1024x768 it only displays one at a time, which is actually quite pissing off tbh...

[BillyJawz]

Did try that tool on a laptop.
Works great except that an annoying GUI bug (for screen res lower than 1024) hides WLAN found (showing SSID, signal etc). A quick resize of the window fixes it.

Reports are very handy when you need to inform your customers about their WLAN security.

[UFcen2000]

Just remember that NetStumbler is an ACTIVE monitoring application... NOT PASSIVE! Depending on the the type of auditing you are doing this may be very important to remember. The NetStumbler developers made a very conscious decision on that point, making a client wifi card detectable when running application. Airmagnet (for you wind0wz ppl) is a passive monitoring tool, but very $$$.

Is eEye active or passive? I hope thier pda version is better than the YellowJacket software (sheesh.. what a nightmare). I give them kudos for developing software on PDA considering the amazing PITA it is to develop software for handhelds. <_<

[Spookie]

Wireless Tools is a place you may want to visit for a variety of different tools.

Chance to review and compare. Thought you all might enjoy the link.

[dw-chow]

wd_stroke, on Apr 14 2005, 11:15 PM, said:

tried with yahoo, msn, gmail and dodgeit...wouldn't go through. I put in my military email and got the link.

here's the link. Don't know how long it will last.

http://www.eeye.com/html/Research/Tools/exe/RetinaWiFi.exe

<{POST_SNAPBACK}>

to confirm, yeah the link still works. however, i would recommend people just use wget in a bash shell to help keep the # of web browser statistics down. then just use ftp to transfer the files to a win32 system.