AUTOMATED SNIFFER APPARATUS AND METHOD FOR MONITORING COMPUTER SYSTEMS FOR UNAUTHORIZED ACCESS

US 20080109879A1
Filed: 01/08/2008
Published: 05/08/2008
Est. Priority Date: 02/11/2004
Status: Abandoned Application

First Claim

Patent Images

1-20. -20. (canceled)

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus for wireless communication including an automated intrusion detection process is provided. The apparatus has a portable housing, which may have a length no greater than 1 meter, a width no greater than 1 meter, and a height of no greater than 1 meter. A processing unit (e.g., CPU) is within the housing. One or more wireless network interface devices are within the housing and are coupled to the processing unit. The apparatus has an Ethernet (or like) network interface device within the housing and coupled to the processing unit. A network connector is coupled to the Ethernet network device. One or more memories are coupled to the processing unit. A code is directed to perform a process for detection of a wireless activity within a selected local geographic region. According to a specific embodiment, the wireless activity is derived from at least one authorized device or at least an other device. A code is directed to receiving at least identity information associated with the wireless activity from the detection process in a classification process. A code is directed to labeling the identity information into at least one of a plurality of categories in the classification process. Depending upon the embodiment, other codes may exist to carry out the functionality described herein.

Citations

40 Claims

1-20. -20. (canceled)

21. A method for monitoring for unauthorized wireless access to computer networks, the method comprising:
- monitoring wireless communications within a selected geographic region using one or more sniffer devices to at least detect an active wireless access point device that transmits wireless signals within the selected geographic region, the one or more sniffer devices being positioned within the selected geographic region;
  
  transferring a plurality of marker packets into the computer network, the plurality of marker packets being adapted to be transferred to wireless medium from the computer network through one or more wireless access point devices which are connected to the computer network and which are configured to function as layer two bridges between their wired and wireless interfaces, the plurality of marker packets having a predetermined format, at least a subset of the one or more sniffer devices being configured to be able to identify at least a portion of the predetermined format, the transferring being actively transferring at least for a process of detection of unauthorized wireless access to the computer network;
  
  processing using at least one of the at least the subset of the one or more sniffer devices at least a portion of the monitored wireless communications within the selected geographic region, the processing being directed to at least identifying at least one of the plurality of marker packets being transferred from the computer network to the wireless medium within the selected geographic region through the active wireless access point device, the processing including identifying the at least the portion of the predetermined format within one or more packets included in the at least the portion of the monitored wireless communications; and
  
  determining that the active wireless access point device provides unauthorized wireless access to the computer network based at least upon the at least one of the plurality of marker packets being identified as transferred from the computer network to the wireless medium within the selected geographic region through the active wireless access point device.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 22. The method of claim 21, and further comprising ascertaining that the active wireless access point device is not among one or more wireless access point devices which are allowed to be connected to the computer network within the selected geographic region.
  - 23. The method of claim 21 wherein the ascertaining that the active wireless access point device is not among the one or more wireless access point devices which are allowed to be connected to the computer network comprising comparing a feature set associated with the active wireless access point device with a feature set associated with each of the one or more wireless access point devices which are allowed to be connected to the computer network.
  - 24. The method of claim 23 wherein the feature set associated with the active wireless access point device comprises one or more features selected from the group consisting of encryption method for wireless link, authentication method for wireless link, and MAC address of a wireless interface of the active wireless access point device.
  - 25. The method of claim 23 wherein the feature set associated with the each of the one or more wireless access point devices which are allowed to be connected to the computer network comprises one or more features selected from the group consisting of encryption method for wireless link, authentication method for wireless link, and MAC address of a wireless interface of the each wireless access point device which is allowed to be connected to the computer network.
  - 26. The method of claim 21 wherein the actively transferring the plurality of marker packets into the computer network including transferring the plurality of marker packets into the computer network responsive to the detecting the active wireless access point device that transmits wireless signals within the selected geographic region.
  - 27. The method of claim 21 wherein the actively transferring the plurality of marker packets into the computer network including transferring periodically the plurality of marker packets into the computer network.
  - 28. The method of claim 21 wherein the predetermined format comprises one or more predetermined bit patterns.
  - 29. The method of claim 21 wherein the predetermined format comprises one or more predetermined sizes.
  - 30. The method of claim 21 wherein the plurality of marker packets are transferred into the computer network from a computing device connected to the computer network using one or more wires.
  - 31. The method of claim 21 wherein the computing device connected to the computer network using the one or more wires includes a sniffer device.

32. An apparatus for monitoring for unauthorized wireless access to computer networks, the apparatus comprising:
- a wired network interface for coupling the apparatus to a computer network;
  
  a first portion of computer memory coupled to the wired network interface, the first portion of computer memory including computer code for transferring one or more marker packets into the computer network using the wired network interface, the one or more marker packets being adapted to be transferred to wireless medium from the computer network through one or more wireless access point devices which are connected to the computer network and which are configured to function as layer two bridges between their wired and wireless interfaces, a predetermined format being associated with the one or more marker packets, the transferring being actively transferring at least for a process of detection of unauthorized wireless access to the computer network;
  
  a wireless network interface for receiving wireless communication activity;
  
  a second portion of computer memory coupled to the wireless network interface, the second portion of computer memory including computer code for processing at least a portion of the wireless communication activity received using the wireless network interface to identify at least one marker packet from the one or more marker packets that is transferred to the wireless medium from the computer network through a first wireless access point device; and
  
  a third portion of computer memory including computer code for generating an indication that the first wireless access point device provides unauthorized wireless access to the computer network responsive to at least the at least one marker packet being identified.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40)
- - 33. The apparatus of claim 32, and further comprising a fourth portion of computer memory including computer code for ascertaining that the first wireless access point device is not authorized to be connected to the computer network.
  - 34. The apparatus of claim 33, wherein the computer code included in the fourth portion of computer memory is adapted to:
    - receiving a list of identities of one or more wireless access point devices that are authorized to be connected to the computer network; and
      
      comparing identity of the first wireless access point device against the list.
  - 35. The apparatus of claim 32 wherein the wired network interface, the first portion of computer memory, the wireless network interface, and the second portion of computer memory are all provided within a sniffer device.
  - 36. The apparatus of claim 35 wherein the third portion of computer memory is provided within a server device which communicates with the sniffer device over one or more computer networks.
  - 37. The apparatus of claim 32 wherein the wired network interface and the first portion of computer memory are provided within a first sniffer device;
    - and the wireless network interface and the second portion of computer memory are provided within a second sniffer device, the second sniffer device being different from the first sniffer device.
  - 38. The apparatus of claim 32 wherein the computer code for processing the at least the portion of the wireless communication activity received using the wireless network interface to identify the at least one marker packet from the one or more marker packets that is transferred to the wireless medium from the computer network through the first wireless access point device includes computer code for detecting at least a portion of the predetermined format in one or more packets in the at least the portion of the wireless communication activity.
  - 39. The apparatus of claim 32 wherein the wired network interface and at least a portion of the first portion of computer memory are provided within a computer system connected to the computer network using wires.
  - 40. The apparatus of claim 32 wherein the wireless network interface and at least a portion of the second portion of computer memory are provided within a sniffer device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Airtight Networks Incorporated (Arista Networks, Inc.)
Original Assignee
Airtight Networks Incorporated (Arista Networks, Inc.)
Inventors
King, David, Bhagwat, Pravin, Gogate, Shantanu

Application Number

US11/970,532
Publication Number

US 20080109879A1
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

H04L 43/00   Arrangements for monitoring...

H04L 63/1416   Event detection, e.g. attac...

H04L 69/16   Implementation or adaptatio...

H04L 69/161   Implementation details of T...

H04L 69/163   In-band adaptation of TCP d...

H04W 12/03   Protecting confidentiality,...

H04W 12/069   using certificates or pre-s...

H04W 12/088   using filters or firewalls

H04W 12/102   Route integrity, e.g. using...

H04W 12/122   Counter-measures against at...

AUTOMATED SNIFFER APPARATUS AND METHOD FOR MONITORING COMPUTER SYSTEMS FOR UNAUTHORIZED ACCESS

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

AUTOMATED SNIFFER APPARATUS AND METHOD FOR MONITORING COMPUTER SYSTEMS FOR UNAUTHORIZED ACCESS

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links