Detecting unauthorized wireless devices on a wired network
Abstract
Systems and methods for detecting unauthorized wireless devices on a network. Systems and methods include determining when an unauthorized wireless device is communicating with a wired device and can signal an alarm responsive to such condition.
21 Claims
1. A method of detecting unauthorized devices, the method comprising the steps of:
capturing a plurality of wireless packets;
compiling a list of transmitter and receiver addresses from the plurality of wireless packets captured;
inspecting a wireless packet from the plurality of wireless packets to determine whether a transmitter or receiver address from the list is associated with an unauthorized wireless device; and
inspecting the wireless packet to determine whether a source or destination associated with the packet is on an authorized wired list; and
issuing an alarm responsive to a determination that an unauthorized wireless device is transmitting to an authorized wired device associated with the authorized wired list.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A security system operable to detect unauthorized devices on a wireless network, the system comprising:
a wireless receiver operable to intercept a plurality of wireless packets transmitted over a wireless network;
a data store configured to record the plurality of wireless packets, and to compile a wireless list comprising transmitter and receiver addresses; and
a system processor comprising one or more processing elements, wherein the system processor is in communication with the system data store and wherein the system processor is programmed or adapted to execute;
parsing logic operable to parse the address of a wireless frame to determine an originating source address field, a targeted destination address field, a transmitter address field, and a receiver address field;
comparison logic operable to determine whether an address on the list of transmitter and receiver addresses is on an unauthorized transmitter/receiver list, the comparison logic being further operable to determine whether a source or destination associated with a packet is on an authorized wired list; and
alarm logic operable to issue an alarm responsive to the results of the comparison logic.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19
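The parsing, comparison and alarm logic recited in claims 1 and 10, sketched as an added Python example that is not part of the patent text. It assumes raw 802.11 data-frame headers with no radiotap header; the function names, MAC addresses and list contents are constructed for illustration.

```python
def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_addresses(frame: bytes):
    """Map the 802.11 address fields of a data frame to RA/TA/DA/SA."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 2:  # type 2 = data frame
        return None
    to_ds, from_ds = frame[1] & 0x01, frame[1] & 0x02
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    if to_ds and from_ds:            # wireless bridge: four-address format
        if len(frame) < 30:
            return None
        da, sa = a3, frame[24:30]
    elif to_ds:                      # station -> AP -> distribution system
        da, sa = a3, a2
    elif from_ds:                    # distribution system -> AP -> station
        da, sa = a1, a3
    else:                            # ad hoc / direct station to station
        da, sa = a1, a2
    return {"ra": mac(a1), "ta": mac(a2), "da": mac(da), "sa": mac(sa)}

def check_frame(frame, unauthorized_wireless, authorized_wired):
    """Alarm record if an unauthorized TA/RA talks to a listed wired SA/DA."""
    addrs = parse_addresses(frame)
    if addrs is None:
        return None
    rogue = {addrs["ta"], addrs["ra"]} & unauthorized_wireless
    wired = {addrs["sa"], addrs["da"]} & authorized_wired
    if rogue and wired:
        return {"unauthorized": sorted(rogue), "wired": sorted(wired), **addrs}
    return None

# Constructed sample data (locally administered MACs, not from the patent).
ROGUE_AP, GOOD_AP = bytes.fromhex("02aaaaaaaaaa"), bytes.fromhex("02dddddddddd")
SERVER, CLIENT = bytes.fromhex("02bbbbbbbbbb"), bytes.fromhex("02cccccccccc")
UNAUTHORIZED, WIRED = {mac(ROGUE_AP)}, {mac(SERVER)}

def build(fc0, flags, a1, a2, a3):
    """Build a minimal header: frame control, duration, 3 addresses, seq ctl."""
    return bytes([fc0, flags]) + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00"

FRAMES = [
    build(0x08, 0x02, CLIENT, ROGUE_AP, SERVER),  # wired server via rogue AP
    build(0x08, 0x02, CLIENT, GOOD_AP, SERVER),   # same server via known AP
    build(0x80, 0x00, b"\xff" * 6, ROGUE_AP, ROGUE_AP),  # beacon, not data
]
if __name__ == "__main__":
    for f in FRAMES:
        print(check_frame(f, UNAUTHORIZED, WIRED))
```

Only the first constructed frame raises an alarm: its transmitter address is on the unauthorized list and its source address is on the authorized wired list.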
20. A method of detecting unauthorized devices accessing a network, said network having a connection to one or more wired devices;
the method comprising the steps of;
determining whether wireless devices are authorized to access the network;
examining first network traffic patterns associated with authorized wireless devices in order to determine whether any wired devices are present in the first network traffic patterns;
examining second network traffic patterns associated with unauthorized wireless devices in order to determine whether any wired devices are present in the second network traffic patterns;
detecting a first type of unauthorized access if a wired device is present in both the first and second network traffic patterns; and
detecting a different type of unauthorized access if a wired device is not present in both the first and second network traffic patterns.
21. A method of detecting unauthorized devices accessing a network, said network having a connection to one or more wired devices;
the method comprising the steps of;
querying a wired-side switch to obtain a list of device addresses observed by the switch;
filtering the list of addresses to identify wireless devices based on prefixes associated with wireless device addresses;
comparing the identified wireless device addresses with a list of authorized wireless device addresses;
detecting an unauthorized access if an identified wireless device address is not present in the list of authorized wireless device addresses.
Specification