Method and system for detecting unauthorized hardware devices

US 20050050357A1
Filed: 09/02/2003
Published: 03/03/2005
Est. Priority Date: 09/02/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method for detecting unauthorized hardware devices in a local area network, comprising steps of:

scanning ports of a plurality of hardware devices to retrieve MAC addresses thereof;

filtering an uplink port on each of the hardware devices to acquire a first MAC address list;

calculating the number of MAC addresses of the filtered ports to acquire a second MAC address list; and

subtracting the number of ports with more than two MAC addresses on the first MAC address list from the number of ports with more than two MAC addresses on the second MAC address list, thereby obtaining at least one unauthorized MAC address.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for detecting unauthorized hardware devices in a local area network. A device detection unit scans ports of network devices to calculate the number of ports with more than two MAC addresses. A device processing unit subtracts the number of ports with more than two authorized MAC addresses from the number of total ports (including authorized and unauthorized) with more than two MAC addresses to obtain a listing of unauthorized MAC addresses, and thereby ascertain identities of unauthorized hardware devices.

24 Citations

View as Search Results

16 Claims

1. A method for detecting unauthorized hardware devices in a local area network, comprising steps of:
- scanning ports of a plurality of hardware devices to retrieve MAC addresses thereof;
  
  filtering an uplink port on each of the hardware devices to acquire a first MAC address list;
  
  calculating the number of MAC addresses of the filtered ports to acquire a second MAC address list; and
  
  subtracting the number of ports with more than two MAC addresses on the first MAC address list from the number of ports with more than two MAC addresses on the second MAC address list, thereby obtaining at least one unauthorized MAC address.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method as claimed in claim 1, further comprising steps of:
    - comparing the MAC addresses of the unauthorized hardware devices with MAC addresses in a routing entry table to obtain Internet Protocol (IP) addresses of the unauthorized hardware devices; and
      
      acquiring user information for the unauthorized hardware devices by SNMP or WINS services in accordance with the IP address of the unauthorized hardware devices.
  - 3. The method as claimed in claim 1, wherein in the scanning step, the ports of the authorized hardware devices are recursively scanned by one of the authorized network devices.
  - 4. The method as claimed in claim 1, wherein in the scanning step, the MAC addresses of authorized hardware devices are stored in a database.
  - 5. The method as claimed in claim 1, wherein in the scanning step, the ports of authorized network devices are scanned by simple network management protocol.
  - 6. The method as claimed in claim 1, wherein a simple network management protocol is used in the calculating step.

7. A system for detecting unauthorized hardware devices in a local area network, comprising:
- a device detection unit for scanning a plurality of ports of a plurality of hardware devices to retrieve MAC addresses thereof, filtering an uplink port of each hardware device to acquire a first MAC address list, and calculating the number of MAC addresses of the ports of the network devices to acquire a second MAC address list; and
  
  a device processing unit, coupled with the device detection unit, for subtracting the number of ports with more than two MAC addresses on the first MAC address list from the number of ports with more than two MAC addresses on the second MAC address list, thereby obtaining at least one unauthorized MAC address.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The system as claimed in claim 7, wherein the device processing unit compares the MAC addresses of the unauthorized hardware devices with MAC addresses in a routing entry table to obtain Internet Protocol (IP) addresses of unauthorized hardware devices, and acquire user information of the unauthorized hardware devices by SNMP or WINS services.
  - 9. The system as claimed in claim 7, wherein the device detection unit recursively scans the ports of the hardware devices.
  - 10. The system as claimed in claim 7, wherein the device detection unit stores the MAC addresses of the hardware devices in a database.
  - 11. The system as claimed in claim 7, wherein the device detection unit scans the ports of the network devices by simple network management protocol.

12. A storage medium containing a stored computer program providing a method for detecting unauthorized hardware devices, comprising using a computer to perform the steps of:
- scanning a plurality of ports of a plurality of hardware devices to retrieve MAC addresses thereof;
  
  filtering an uplink port of each hardware device to acquire a first MAC address list;
  
  calculating the number of MAC addresses of the ports of the network devices to acquire a second MAC address list; and
  
  subtracting the number of ports with more than two MAC addresses on the first MAC address list from the number of ports with more than two MAC addresses on the second MAC address list, thereby obtaining at least one unauthorized MAC address.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The storage medium as claimed in claim 12, further comprising steps of:
    - comparing the MAC addresses of the unauthorized hardware devices with MAC addresses in a routing entry table to obtain Internet Protocol (IP) addresses of unauthorized hardware devices; and
      
      acquiring user information of the unauthorized hardware devices by SNMP or WINS services in accordance with the IP address of the unauthorized hardware devices.
  - 14. The storage medium as claimed in claim 12, wherein the ports of the hardware devices are recursively scanned by one of the authorized network devices.
  - 15. The storage medium as claimed in claim 12, wherein the MAC addresses of the hardware devices are stored in a database.
  - 16. The storage medium as claimed in claim 12, wherein the ports of the network devices are scanned by simple network management protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Taiwan Semiconductor Manufacturing Company Limited
Original Assignee
Taiwan Semiconductor Manufacturing Company Limited
Inventors
Jeng, Su-Huei, Dai, Cuang-Liang

Application Number

US10/653,302
Publication Number

US 20050050357A1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 41/0213   Standardised network manage...

H04L 41/046   comprising network manageme...

H04L 41/12   Discovery or management of ...

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/101   Access control lists [ACL]

H04L 63/1408   by monitoring network traff...

H04L 63/20   for managing network securi...

Method and system for detecting unauthorized hardware devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for detecting unauthorized hardware devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links