Detection of hidden wireless routers
First Claim
Patent Images
1. A method comprising:
- receiving a protocol data unit that comprises a destination address; and
transmitting an alarm when said destination address is not associated with a secure access server.
22 Assignments
0 Petitions
Accused Products
Abstract
A technique is disclosed for detecting hidden wireless routers that constitute security threats in telecommunications networks that comprise a wireless network portion and a wireline network portion. In accordance with the illustrative embodiment of the invention, a test station is used in the wireless portion of a network to detect the presence of a hidden wireless router. Furthermore, in some embodiments, a test server is used in the wireline portion of the network in order to detect packets that are illegitimately routed from the wireless portion to the wireline portion of the network through the hidden wireless router.
29 Citations
17 Claims
-
1. A method comprising:
-
receiving a protocol data unit that comprises a destination address; and
transmitting an alarm when said destination address is not associated with a secure access server. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method comprising:
-
(a) receiving a protocol data unit that comprises a data link layer destination address and a network layer destination address; and
(b) transmitting an alarm when;
(i) said data link layer destination address is not associated with a secure access server, and (ii) said network layer destination address is not associated with said secure access server. - View Dependent Claims (7)
-
-
8. A method comprising:
-
receiving in a first network a protocol data unit that comprises a network layer destination address; and
transmitting an alarm when said network layer destination address is a network layer address in a second network. - View Dependent Claims (9)
-
-
10. A method comprising:
-
receiving a first protocol data unit that comprises a data link layer destination address and a first network layer destination address;
receiving a second protocol data unit that comprises said data link layer destination address and a second network layer destination address; and
triggering an alarm when said data link layer address is different than the data link layer addresses of all authorized routers and said first network layer destination address is different than said second network layer destination address. - View Dependent Claims (11)
-
-
12. A method comprising:
-
receiving a protocol data unit that comprises a data link layer destination address and a network layer destination address; and
triggering an alarm when said data link layer destination address is associated with a different device than is said network layer destination address. - View Dependent Claims (13)
-
-
14. A method comprising:
-
deploying a first station in a first network;
deploying a server in a second network connected to said first network through a secure access server;
transmitting from said first station a protocol data unit addressed to a second station in said first network, wherein said protocol data unit comprises an address of said server; and
triggering an alarm if said protocol data unit is received at said server. - View Dependent Claims (15, 16, 17)
-
Specification