METHOD FOR DETECTING ROGUE DEVICES OPERATING IN WIRELESS AND WIRED COMPUTER NETWORK ENVIRONMENTS

US 20090235354A1
Filed: 03/10/2009
Published: 09/17/2009
Est. Priority Date: 02/18/2003
Status: Active Grant

First Claim

Patent Images

1. A method of identifying Media Access Control addresses of rogue devices operating in a hybrid network, the method comprising:

identifying Basic Service Set Identifiers for devices operating on a wireless network;

creating a rogue discovery event for at least one of the Basic Service Set Identifiers of a device not authorized to operate in the hybrid network;

determining a root Basic Service Set Identifier from the rogue discovery event;

assigning the root Basic Service Set Identifier to a rogue device record;

searching the hybrid network for wired devices associated with the root Basic Service Set Identifier and determining corresponding Media Access Control addresses for the located wired devices; and

comparing the Media Access Control addresses with a plurality of octets of the root Basic Service Set Identifier in the rogue device record.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A management of wireless and wired computer network environments in which rogue and other devices that may affect the performance and/or security of the wireless computer network can be detected. Specifically, the present invention discloses a method and system of detecting all interfaces, Media Access Control (MAC) addresses and radio MAC addresses (BSSIDs) affiliated with a rogue device and compiling this information into a database. As a result, the present invention reduces the number of alerts that one rogue device can generate and increases the accuracy and speed of locating the rogue device within a network.

Citations

20 Claims

1. A method of identifying Media Access Control addresses of rogue devices operating in a hybrid network, the method comprising:
- identifying Basic Service Set Identifiers for devices operating on a wireless network;
  
  creating a rogue discovery event for at least one of the Basic Service Set Identifiers of a device not authorized to operate in the hybrid network;
  
  determining a root Basic Service Set Identifier from the rogue discovery event;
  
  assigning the root Basic Service Set Identifier to a rogue device record;
  
  searching the hybrid network for wired devices associated with the root Basic Service Set Identifier and determining corresponding Media Access Control addresses for the located wired devices; and
  
  comparing the Media Access Control addresses with a plurality of octets of the root Basic Service Set Identifier in the rogue device record.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, further comprising assigning a score to the rogue discovery event based on security risk.
  - 3. The method of claim 1, further comprising comparing the identified Basic Service Set Identifiers with a list of Basic Service Set Identifiers of devices controlled by a management platform to determine whether the corresponding device is authorized to operate in the hybrid network.
  - 4. The method of claim 1, further comprising mapping a radio frequency environment from the rogue discovery event.
  - 5. The method of claim 1, further comprises locating each of the devices operating on the wireless network via a triangulation method.
  - 6. The method of claim 1, further comprising determining channel information from the rogue discovery event.
  - 7. The method of claim 1, further comprising determining security information from the rogue discovery event.
  - 8. The method of claim 1, further comprising determining signal strength from the rogue discovery event.
  - 9. The method of claim 1, wherein the comparing step further comprises identifying a device having the closest address when more than one Media Access Control addresses match the root Basic Service Set Identifier in the rogue device record.
  - 10. The method of claim 1, further comprising analyzing all rogue discovery events for the at least one of the Basic Service Set Identifiers to determine a virtual Basic Service Set Identifier.
  - 11. The method of claim 10, further comprising creating a rogue interface record for the virtual Basic Service Set Identifier.
  - 12. The method of claim 1, further comprising creating a rogue interface record for the root Basic Service Set Identifier.
  - 13. The method of claim 1, wherein the comparing step further comprises comparing the Media Access Control addresses with a first five octets of the root Basic Service Set Identifier in the rogue device record.
  - 14. The method of claim 1, further comprising creating additional rogue interface records for each of the Media Access Control addresses that correspond to the first five octets of the root Basic Service Set Identifier.
  - 15. The method of claim 14, further comprising searching the additional rogue interface records for the Media Access Control addresses having corresponding Internet Protocol addresses.
  - 16. The method of claim 15, further comprising querying at least one of the Internet Protocol addresses to determine an operating system of the corresponding rogue device.
  - 17. The method of claim 1, wherein the searching step further comprises reading bridge forwarding tables on a switch to find the wired devices.
  - 18. The method of claim 1, wherein the searching step further comprises reading address resolution protocol tables of a router to find the wired devices.

19. A system for performing a computer-based method of identifying Media Access Control addresses of rogue devices operating in a hybrid network, comprising:
- a computer having a memory and a processor; and
  
  a computer-readable medium configured to generate software code, which, when said code is loaded into the memory and run by the processor, causes the processor to perform the steps of;
  
  identifying Basic Service Set Identifiers for devices operating on a wireless network;
  
  creating a rogue discovery event for at least one of the Basic Service Set Identifiers of a device not authorized to operate in the hybrid network;
  
  determining a root Basic Service Set Identifier from the rogue discovery event;
  
  assigning the root Basic Service Set Identifier to a rogue device record;
  
  searching the hybrid network for wired devices associated with the root Basic Service Set Identifier and determining corresponding Media Access Control addresses for the located wired devices; and
  
  comparing the Media Access Control addresses with a plurality of octets of the root Basic Service Set Identifier in the rogue device record.

20. A system for performing a computer-based method of identifying Media Access Control addresses of rogue devices operating in a hybrid network, comprising:
- a computer having a memory and a processor; and
  
  a computer-readable medium configured to generate software code, which, when said code is loaded into the memory and run by the processor, causes the processor to perform the steps of;
  
  identifying Basic Service Set Identifiers for devices operating on a wireless network;
  
  creating a rogue discovery event for at least one of the Basic Service Set Identifiers of a device not authorized to operate in the hybrid network;
  
  determining a root Basic Service Set Identifier from the rogue discovery event;
  
  assigning the root Basic Service Set Identifier to a rogue device record;
  
  assigning a score to the rogue discovery event based on security risk;
  
  searching the rogue discovery event to determine a virtual Basic Service Set Identifier;
  
  searching the hybrid network for wired devices associated with the root Basic Service Set Identifier and determining corresponding Media Access Control addresses for the located wired devices;
  
  comparing the Media Access Control addresses with a first five octet of the root Basic Service Set Identifier in the rogue device record;
  
  creating a rogue interface record for the virtual Basic Service Set Identifier, the root Basic Service Set Identifier and for Media Access Control addresses that correspond to the first five octets of the root Basic Service Set Identifier;
  
  searching the additional rogue interface records for the Media Access Control addresses having Internet Protocol addresses; and
  
  displaying a location of at least one rogue device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Aruba Networks Incorporated (Hewlett-Packard Enterprise Company)
Inventors
Burke, Anthony Glenn, Luther, Jason E., Gray, Gordon P.

Granted Patent

US 9,137,670 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

H04L 41/0213   Standardised network manage...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04W 12/122   Counter-measures against at...

H04W 24/08   Testing, supervising or mon...

H04W 24/10   Scheduling measurement repo...

H04W 8/005   Discovery of network device...

H04W 88/08   Access point devices

METHOD FOR DETECTING ROGUE DEVICES OPERATING IN WIRELESS AND WIRED COMPUTER NETWORK ENVIRONMENTS

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR DETECTING ROGUE DEVICES OPERATING IN WIRELESS AND WIRED COMPUTER NETWORK ENVIRONMENTS

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links