Automated sniffer apparatus and method for monitoring computer systems for unauthorized access

US 20050259611A1
Filed: 08/31/2004
Published: 11/24/2005
Est. Priority Date: 02/11/2004
Status: Active Grant

First Claim

Patent Images

1. Apparatus for wireless communication including an automated intrusion detection process, the apparatus comprising:

a portable housing, the housing having a length no greater than 1 meter, a width no greater than 1 meter, and a height of no greater than 1 meter;

a processing unit within the housing;

one or more wireless network interface devices within the housing and coupled to the processing unit;

at least one Ethernet network interface device within the housing and coupled to the processing unit;

at least one network connector coupled to the Ethernet network interface device; and

one or more memories within the housing and coupled to the processing unit, the one or more memories including;

a code directed to perform a process for detection of a wireless activity within a selected local geographic region, the wireless activity being derived from at least one authorized device or at least an other device;

a code directed to receiving at least identity information associated with the wireless activity from the detection process in a classification process; and

a code directed to labeling the identity information into at least one of a plurality of categories in the classification process.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus for wireless communication including an automated intrusion detection process is provided. The apparatus has a portable housing, which may have a length no greater than 1 meter, a width no greater than 1 meter, and a height of no greater than 1 meter. A processing unit (e.g., CPU) is within the housing. One or more wireless network interface devices are within the housing and are coupled to the processing unit. The apparatus has an Ethernet (or like) network interface device within the housing and coupled to the processing unit. A network connector is coupled to the Ethernet network device. One or more memories are coupled to the processing unit. A code is directed to perform a process for detection of a wireless activity within a selected local geographic region. According to a specific embodiment, the wireless activity is derived from at least one authorized device or at least an other device. A code is directed to receiving at least identity information associated with the wireless activity from the detection process in a classification process. A code is directed to labeling the identity information into at least one of a plurality of categories in the classification process. Depending upon the embodiment, other codes may exist to carry out the functionality described herein.

119 Citations

View as Search Results

20 Claims

1. Apparatus for wireless communication including an automated intrusion detection process, the apparatus comprising:
- a portable housing, the housing having a length no greater than 1 meter, a width no greater than 1 meter, and a height of no greater than 1 meter;
  
  a processing unit within the housing;
  
  one or more wireless network interface devices within the housing and coupled to the processing unit;
  
  at least one Ethernet network interface device within the housing and coupled to the processing unit;
  
  at least one network connector coupled to the Ethernet network interface device; and
  
  one or more memories within the housing and coupled to the processing unit, the one or more memories including;
  
  a code directed to perform a process for detection of a wireless activity within a selected local geographic region, the wireless activity being derived from at least one authorized device or at least an other device;
  
  a code directed to receiving at least identity information associated with the wireless activity from the detection process in a classification process; and
  
  a code directed to labeling the identity information into at least one of a plurality of categories in the classification process.
- View Dependent Claims (2, 3, 4, 19)
- - 2. The apparatus of claim 1 further comprising at least one indicator provided on the housing, the indicator being coupled to the processing device, the indicator being able to output one or more indications based upon at least the identity information.
  - 3. The apparatus of claim 2 further comprising a code directed to transferring an indication associated with the identify information to a prevention process, the code being in one or more of the memories.
  - 4. The apparatus of claim 3 further comprising a code directed to performing the prevention process.
  - 19. The method of claim 1 wherein the first device type is associated with a no active device detected state, the second device type is associated with at least one active device detected state;
    - and further comprising outputting a third output indication associated with a third device type, the third device type being associated with an all authorized device state and/or outputting a fourth output indication associated with a fourth device type, the fourth device type being associated with an unauthorized device state and/or outputting a fifth output device indication associated with a fifth device type, the fifth device type being associated with an unauthorized device state actively communicating.

5. A wireless sniffer apparatus including an automated intrusion detection process, the apparatus comprising:
- a housing, the housing having a length no greater than a first dimension, a width no greater than a second dimension, and a height of no greater than a third dimension;
  
  a processing unit within the housing;
  
  one or more wireless network interface devices within the housing and coupled to the processing unit;
  
  one or more antennas coupled to the one or more wireless network interface devices, the one or more antennas being adapted to protrude outside of a portion of the housing or being adapted to be completely within the housing or a portion of the one or more antennas are within the housing and a portion of the one or more antennas are outside of the housing;
  
  at least one Ethernet network interface device within the housing and coupled to the processing unit;
  
  at least one network connector coupled to the Ethernet network interface device; and
  
  one or more memories within the housing and coupled to the processing unit, the one or more memories including;
  
  a code directed to perform a process for detection of a wireless activity within a selected local geographic region, the wireless activity being derived from at least one authorized device or at least an other device;
  
  a code directed to receiving at least identity information associated with the wireless activity from the detection process in a classification process; and
  
  a code directed to labeling the identity information into at least one of a plurality of categories in the classification process; and
  
  a code directed to testing connectivity of at least the other device associated with the detected wireless activity to a local area network within the selected local geographic region;
  
  a first output indication coupled to the housing, the first output indication being associated with a first device type; and
  
  a second output indication coupled to the housing, the second output indication being associated with a second device type.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 6. Apparatus of claim 5 further comprising a third output indication coupled to the housing, the third output indication being associated with a third device type.
  - 7. Apparatus of claim 5 wherein the processor having a clock speed of more than 10 MHz.
  - 8. Apparatus of claim 5 wherein the one or more memories comprises at least a 8 Megabit Flash Memory.
  - 9. Apparatus of claim 5 wherein the one or more memories comprises at least a 16 Megabit DRAM device.
  - 10. Apparatus of claim 5 wherein the processing unit is operable with a Linux operating system or a real time operating system.
  - 11. Apparatus of claim 5 wherein the first dimension is less than 40 centimeters, the second dimension is less than 25 centimeters, and the third dimension is less than 10 centimeters.
  - 12. Apparatus of claim 5 wherein the one or more wireless interface devices comprise a first wireless interface device and a second wireless interface device, whereupon the first wireless device and the second wireless device are operable during a predetermined portion of time, each of the first wireless device and the second wireless device being under control of a software.
  - 13. Apparatus of claim 5 wherein the housing is free from a hard disk drive unit.
  - 14. Apparatus of claim 5 wherein the housing is free from any PC type keyboard interface device.
  - 15. Apparatus of claim 5 wherein the sniffer is characterized as a sensor and is operable in a standalone manner.

16. A method for installing one or more security devices over a selected local geographic region, the method comprising:
- providing a wireless sniffer apparatus including an automated intrusion detection process, the apparatus comprising;
  
  a housing, the housing having a length no greater than a first dimension of about 40 centimeters, a width no greater than a second dimension of about 25 centimeters, and a height of no greater than a third dimension of about 10 centimeters;
  
  a processing unit within the housing;
  
  one or more wireless network interface devices within the housing and coupled to the processing unit;
  
  one or more antennas coupled the wireless network interface devices, the one or more antennas being adapted to protrude outside of a portion of the housing or being adapted to be completely within the housing or a portion of the one or more antennas are within the housing and a portion of the one or more antennas are outside of the housing;
  
  at least one Ethernet network interface device within the housing and coupled to the processing unit;
  
  at least one network connector coupled to the Ethernet network device; and
  
  one or more memories within the housing and coupled to the processing unit, the one or more memories including;
  
  a code directed to perform a process for detection of a wireless activity within a selected local geographic region, the wireless activity being derived from at least one authorized device or at least an other device;
  
  a code directed to receiving at least identity information associated with the wireless activity from the detection process in a classification process;
  
  a code directed to labeling the identity information into at least one of a plurality of categories in the classification process; and
  
  a code directed to testing connectivity of at least the other device associated with the detected wireless activity to a local area network within the selected location geographic region;
  
  a first output indication coupled to the housing, the first output indication being associated with a first device type; and
  
  a second output indication coupled to the housing, the second output indication being associated with a second device type;
  
  connecting the network connector to the local area network;
  
  executing at least a portion of the code directed to testing connectivity of at least the other device associated with the detected wireless activity to the local area network; and
  
  outputting either the first output indication or the second output indication based upon the detected wireless activity.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16 wherein the first output indication and the second output indication comprise respectively a first visual indication and a second visual indication.
  - 18. The method of claim 16 wherein the first output indication and the second output indication comprise respectively a first audio indication and a second audio indication.

20. Apparatus for sniffing wireless communication including an automated intrusion detection process, the sniffer apparatus comprising:
- a movable housing, the housing having a length, a width, and a height;
  
  a processing unit within the housing;
  
  one or more wireless network interface devices within the housing and coupled to the processing unit;
  
  at least one Ethernet network interface device within the housing and coupled to the processing unit;
  
  at least one network connector coupled to the Ethernet network interface device; and
  
  one or more memories within the housing and coupled to the processing unit;
  
  wherein the processing unit adapted to direct a process for detection of a wireless activity within a selected local geographic region, the wireless activity being derived from at least one authorized device or at least an other device;
  
  wherein the processing unit adapted to receive at least identity information associated with the wireless activity from the detection process in a classification process; and
  
  wherein the processing unit adapted to label the identity information into at least one of a plurality of categories in the classification process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arista Networks, Inc.
Original Assignee
Airtight Technologies Incorporated
Inventors
Gogate, Shantanu, King, David C., Bhagwat, Pravin

Granted Patent

US 7,339,914 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/328
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

H04L 43/00   Arrangements for monitoring...

H04L 63/1416   Event detection, e.g. attac...

H04L 69/16   Implementation or adaptatio...

H04L 69/161   Implementation details of T...

H04L 69/163   In-band adaptation of TCP d...

H04W 12/03   Protecting confidentiality,...

H04W 12/069   using certificates or pre-s...

H04W 12/088   using filters or firewalls

H04W 12/102   Route integrity, e.g. using...

H04W 12/122   Counter-measures against at...

Automated sniffer apparatus and method for monitoring computer systems for unauthorized access

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

119 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Automated sniffer apparatus and method for monitoring computer systems for unauthorized access

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

119 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links