Method, apparatus, and software product for detecting rogue access points in a wireless network
Abstract
A method, an apparatus, and a software program to implement a method to detect a rogue access point of a wireless network. The method includes maintaining an AP database that includes information about managed access point (APs) and friendly APs, including the MAC address of each managed AP. The method further includes sending a scan request to one or more managed APs, including one or more of a request for the receiving managed AP to scan for beacons and probe responses and a request for the receiving managed AP to request its clients to scan for beacons and probe responses. The method further includes receiving reports from at least one of the receiving managed APs, a report including information on any beacon or probe response received that was sent by an AP. For each beacon or probe response on which information is received, the method analyzes the information received in the report about the AP that sent the beacon or probe response, the analyzing including ascertaining if the MAC address of the AP that sent the beacon or probe response matches a MAC address of an AP in the AP database to ascertain whether or not the AP is a potential rogue AP or a managed or friendly AP.
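The analysis step the abstract describes, sketched from the WLAN manager's side as an added example (not code from the patent or any product). The report fields, class and function names, and all MAC addresses are constructed for illustration, and reports are assumed to arrive as dictionaries.

```python
import re

def norm_mac(mac):
    """Canonicalize colon, dash, dot or bare-hex MACs to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

class APDatabase:
    """AP database holding the MAC addresses of managed and friendly APs."""
    def __init__(self, managed, friendly):
        self.status = {norm_mac(m): "friendly" for m in friendly}
        self.status.update({norm_mac(m): "managed" for m in managed})

    def lookup(self, mac):
        # A MAC that matches nothing in the database is only a *potential* rogue.
        return self.status.get(norm_mac(mac), "potential_rogue")

def analyze_reports(db, reports):
    """Classify the sender of every reported beacon/probe response by MAC."""
    findings = {}
    for r in reports:
        if db.lookup(r["reporter"]) != "managed":
            continue  # scan requests went to managed APs only; drop other sources
        bssid = norm_mac(r["bssid"])
        f = findings.setdefault(
            bssid, {"status": db.lookup(bssid), "seen_by": set(), "frames": set()})
        f["seen_by"].add(norm_mac(r["reporter"]))  # which managed APs reported it
        f["frames"].add((r["via"], r["frame"]))    # heard by the AP or by its client
    return findings

def potential_rogues(findings):
    return sorted(b for b, f in findings.items() if f["status"] == "potential_rogue")

# Constructed sample data (not from the patent).
DB = APDatabase(managed=["00:00:5E:00:53:01", "00-00-5E-00-53-02"],
                friendly=["0000.5e00.53a0"])
REPORTS = [
    {"reporter": "00:00:5e:00:53:01", "via": "ap", "frame": "beacon", "bssid": "00005E005302"},
    {"reporter": "00:00:5e:00:53:01", "via": "client", "frame": "probe_response", "bssid": "02:00:00:aa:bb:cc"},
    {"reporter": "00:00:5e:00:53:02", "via": "ap", "frame": "beacon", "bssid": "02-00-00-AA-BB-CC"},
    {"reporter": "00:00:5e:00:53:02", "via": "ap", "frame": "beacon", "bssid": "00:00:5E:00:53:A0"},
    {"reporter": "02:00:00:aa:bb:cc", "via": "ap", "frame": "beacon", "bssid": "02:00:00:11:22:33"},
]

if __name__ == "__main__":
    for bssid, f in sorted(analyze_reports(DB, REPORTS).items()):
        print(bssid, f["status"], sorted(f["seen_by"]))
```

Normalizing every MAC before lookup keeps a format difference between an AP's report and the database from turning a managed AP into a false potential rogue.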
29 Claims
1. A method comprising:
maintaining an AP database that includes information about managed access point (APs) and friendly APs of a wireless network, including the MAC address of each managed AP;
sending a scan request to one or more managed APs of the wireless network, the scan request including one or more of a request for the receiving managed AP to scan for beacons and probe responses and a request for the receiving managed AP to request the AP's clients to scan for beacons and probe responses;
receiving reports from at least one of the receiving managed APs, a report including information on any beacon or probe response received that was sent by an AP, including the MAC address of the beacon/probe response sending AP; and
for each beacon or probe response on which information is received;
analyzing the information received in the report about the AP that sent the beacon or probe response, the analyzing including ascertaining if the MAC address of the AP that sent the beacon or probe response matches a MAC address of an AP in the AP database to ascertain whether or not the AP is a potential rogue AP or a managed or friendly AP.
18. A method comprising:
receiving a scan request at an AP of a wireless network to scan for beacons and probe responses, the request received from a WLAN manager managing a set of managed APs and client stations of the managed APs, the managing including maintaining an AP database that contains information about managed APs and friendly APs of the wireless network, the information in the AP database including the MAC address of each managed AP;
one or both of listening for beacons and probe responses at the AP receiving the scan request or sending a client request to one or more client stations associated with the AP receiving the scan request to listen for beacons and probe responses;
in the case that a client request was sent, receiving a client report at the AP from at least one of the wireless stations to which the client request was sent, the client report including information on any beacon or probe response received from a potential rogue AP; and
sending a scan report to the WLAN manager including information on any beacon or probe response received from a potential rogue AP by the AP receiving the scan request or in the case that a client request was sent, by any client stations from which a report was received, the information including the MAC address of the potential rogue AP, such that for each beacon or probe response on which information is received at the WLAN manager, analyzing the information received in the report about the potential rogue AP that sent the beacon or probe response, including ascertaining if the MAC address of the potential rogue AP matches a MAC address of an AP in the AP database leads to ascertaining whether or not the potential AP is likely to be a rogue AP.
26. A carrier medium carrying one or more computer-readable code segments to instruct one or more processors of a processing system to execute a method comprising:
maintaining an AP database that includes information about managed access point (APs) and friendly APs of a wireless network, including the MAC address of each managed AP;
sending a scan request to one or more managed APs of the wireless network, the scan request including one or more of a request for the receiving managed AP to scan for beacons and probe responses and a request for the receiving managed AP to request the AP's clients to scan for beacons and probe responses;
receiving reports from at least one of the receiving managed APs, a report including information on any beacon or probe response received that was sent by an AP, including the MAC address of the beacon/probe response sending the AP; and
for each beacon or probe response on which information is received, analyzing the information received in the report about the AP that sent the beacon or probe response, the analyzing including ascertaining if the MAC address of the AP that sent the beacon or probe response matches a MAC address of an AP in the AP database to ascertain whether or not the AP is a potential rogue AP or a managed or friendly AP.
27. A carrier medium carrying one or more computer-readable code segments to instruct one or more processors of a processing system to execute a method at an AP of a wireless network comprising:
receiving a scan request to scan for beacons and probe responses, the request received from a WLAN manager managing a set of managed APs and client stations of the managed APs, the managing including maintaining an AP database that contains information about managed APs and friendly APs of the wireless network, including the MAC address of each managed AP;
one or both of listening for beacons and probe responses at the AP receiving the scan request or sending a client request to one or more client stations of the AP receiving the scan request to listen for beacons and probe responses;
in the case that a client request was sent, receiving a client report from at least one of the wireless stations to which the client request was sent, the client report including information on any beacon or probe response received from a potential rogue AP; and
sending a scan report to the WLAN manager including information on any beacon or probe response received from a potential rogue AP by the AP receiving the scan request or, in the case that a client request was sent by any client stations from which a report was received, the scan report including the MAC address of any AP whose beacon/probe response was received, such that for each beacon or probe response on which information is received at the WLAN manager, analyzing the information received in the report about the potential rogue AP that sent the beacon or probe response, including ascertaining if the MAC address of the potential rogue AP matches a MAC address of an AP in the AP database leads to ascertaining whether or not the potential AP is likely to be a rogue AP.
28. An apparatus comprising:
a processing system including a memory and a network interface to couple the apparatus to a network, the network including a set of managed access points (APs) of a wireless network, and an AP database coupled to the processing system and containing information about the managed access point and friendly APs of the wireless network, the processing system programmed to;
send a scan request to one or more managed APs of the wireless network, the scan request including one or more of a request for the receiving managed AP to scan for beacons and probe responses and a request for the receiving managed AP to request the AP's clients to scan for beacons and probe responses;
receive reports from at least one of the receiving managed APs, a report including information on any beacon or probe response received that was sent by an AP, including the MAC address of any AP whose beacon/probe response was received; and
for each beacon or probe response on which information is received, analyze the information received in the report about the AP that sent the beacon or probe response, the analyzing including ascertaining if the MAC address of the AP that sent the beacon or probe response matches a MAC address of an AP in the AP database to ascertain whether or not the AP is a potential rogue AP or a managed or friendly AP.
29. An access point (AP) for a wireless network, the access point comprising:
a processing system including a memory;
a network interface to couple the access point to a network;
a wireless transceiver coupled to the processing system to implement the PHY of a wireless station the processing system including a MAC processor and programmed;
to receive a scan request to scan for beacons and probe responses, the request received via the network interface from a WLAN manager coupled to the network and managing a set of managed APs and client stations of the managed APs, the managing including maintaining an AP database that contains information about managed APs and friendly APs of the wireless network, including the MAC address of each managed AP;
one or both of to listen for beacons and probe responses via the PHY or to send a client request via the PHY to one or more client stations associated with the AP to listen for beacons and probe responses;
in the case that a client request was sent, to receive a client report from at least one of the client stations to which the client request was sent, the client report including information on any beacon or probe response received at the client station from a potential rogue AP; and
to send a scan report to the WLAN manager via the network interface, including information on any beacon or probe response received from a potential rogue AP by the AP receiving the scan request or in the case that a client request was sent, by any client stations from which a report was received, the scan report including the MAC address of any AP whose beacon/probe response was received, such that for each beacon or probe response on which information is received at the WLAN manager, analyzing the information received in the report about the potential rogue AP that sent the beacon or probe response, including ascertaining if the MAC address of the potential rogue AP matches a MAC address of an AP in the AP database leads to ascertaining whether or not the potential AP is likely to be a rogue AP.