The new detections are part of RFprotect's Advanced Rogue Analysis module for mobile 802.11 devices. The module alerts network administrators of inappropriate activity.
The system monitors each wireless device's activity, matching patterns of behavior to those indicating a worm attack. Network Chemistry claimed this behavior analysis is superior to signature analysis in that it can detect unknown (i.e., zero-day) attacks, and that RFprotect is the first product to detect and mitigate mobile-to-mobile worm attacks. Mobile 802.11 devices, the company added, are "highly susceptible" to malware infections.
The RFprotect system is designed to detect all wireless-specific vulnerabilities, rogues, reconnaissance, and attacks. It monitors all 802.11 bands (including 802.11b and 802.11g in the 2.4GHz band and 802.11a in the 5GHz band), utilizing deep packet inspection and analysis. Acquired information is forwarded to a central server, where it is compared with information from other sensors and analyzed for intrusions.
The sensor features a 10/100 Ethernet interface, dual dipole antennas, and support for TCP/IP, DHCP, TFTP, SNMP, and TZSP protocols. The server engine works with any platform supporting GNU C Compiler (including Windows, Linux, and Macintosh).
Wireless worm detection support is included in the latest RFprotect release and is available free of charge to customers with maintenance subscriptions. RFprotect Sensor hardware starts at $599; RFprotect Client-Service software, at $2,499.
