METHOD AND SYSTEM FOR DETECTING CHARACTERISTICS OF A WIRELESS NETWORK
Abstract
Characteristics about one or more wireless access devices in a wireless network, whether known or unknown entities, can be determined using a system and method according to the present invention. An observation is made of the activity over a Wireless Area Network (WLAN). Based on this activity, changes in state of wireless access devices within the WLAN can be observed and monitored. These changes in state could be indicative of normal operation of the WLAN, or they may indicate the presence of an unauthorized user. In the latter case, an alert can be sent so that appropriate action may be taken. Additionally, ad hoc networks can be detected that may be connected to a wireless access point.
29 Claims
1-6. (canceled)
7. A method, performed by one or more components of a node, comprising:
observing by the one or more components, a channel in a wireless network for a predetermined amount of time;
parsing, by the one or more components, all packets transmitted on said channel;
identifying, by the one or more components, protocol information in each of said parsed packets;
comparing, by the one or more components, said identified protocol information to known patterns associated with an ad hoc network; and
determining, by the one or more components and based on a result of the comparing, that the ad hoc wireless network exists.
13. (canceled)
14. A system, comprising:
means for observing a channel in a wireless network for a predetermined amount of time;
means for parsing a plurality of packets transmitted on said channel;
means for identifying protocol information in each of said parsed packets;
means for comparing said identified protocol information to a plurality of known patterns; and
means for determining, based on a result of the comparing, whether said packets were transmitted over said wireless network or an ad hoc network associated with at least one of the plurality of known patterns.
15. (canceled)
16. (canceled)
17. A wireless intrusion detection system (WIDS) node, comprising:
means for creating a state transition table for one or more detected wireless access devices in a wireless network, the state transition table including a first entry indicative of a first state of a communication session, via the wireless network, between the one or more detected wireless access devices and at least one device, where the first state is defined based on an identity of the one or more detected wireless access devices and a type of at least one packet identifying the one or more detected wireless access devices;
means for observing a plurality of packets sent by each of said one or more detected wireless access devices;
means for identifying, based on said observing said plurality of packets, a state change, from the first state, for at least one of said one or more detected wireless access devices, when types of the plurality of packets differ from the type of the at least one packet and when the plurality of packets have sources and/or destinations other than the at least one device; and
means for reporting said identified state change to a WIDS collector.
18. A wireless intrusion detection system (WIDS) collector, comprising:
means for receiving, from one or more WIDS nodes in a wireless network, reports of state changes from a first state of operation of a wireless access device, where the first state is defined as an identity of at least one device in communication with the wireless access device and a type of a packet that identifies the wireless access device; and
means for determining, based on said state changes, whether a particular activity, of a set of activities, has occurred within the wireless network.
28. The WIDS node of claim 28, further comprising:
means for determining, when the next state transition is proscribed by the wireless network standard, a type of prohibited activity associated with the next state transition.
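The steps of claim 7 (observe a channel for a set time, parse each packet, identify protocol information, compare it to known ad hoc patterns) can be sketched as follows. This is an added example, not code from the patent. It assumes the "known patterns" are the IEEE 802.11 IBSS capability bit in beacons and probe responses and data frames with ToDS and FromDS both clear; the function names and the sample frames are constructed for illustration.

```python
import struct
# IEEE 802.11 Capability Information field: bit 0 = ESS, bit 1 = IBSS.
CAP_ESS, CAP_IBSS = 0x0001, 0x0002
MGMT, DATA, PROBE_RESP, BEACON = 0, 2, 5, 8   # frame types, then subtypes

def classify(frame: bytes):
    """Classify one raw 802.11 frame (no radiotap, no FCS) -> (verdict, bssid)."""
    if len(frame) < 24:                        # shorter than a 3-address header
        return "ignored", None
    fc = struct.unpack_from("<H", frame, 0)[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    to_ds, from_ds = fc & 0x0100, fc & 0x0200
    bssid = frame[16:22].hex(":")              # Address 3 is the BSSID in the cases below
    if ftype == MGMT and subtype in (BEACON, PROBE_RESP):
        if len(frame) < 36:                    # timestamp(8) + interval(2) + capability(2)
            return "ignored", None
        cap = struct.unpack_from("<H", frame, 34)[0]
        if cap & CAP_IBSS and not cap & CAP_ESS:
            return "adhoc", bssid
        return "infrastructure", None
    if ftype == DATA and not to_ds and not from_ds:
        # Station-to-station data. TDLS links also look like this: weaker evidence.
        return "adhoc", bssid
    return ("infrastructure" if ftype == DATA else "ignored"), None

def detect_adhoc(capture, window_s):
    """capture: (timestamp_s, frame) pairs from one channel -> sorted ad hoc BSSIDs."""
    start, hits = None, set()
    for ts, frame in capture:
        start = ts if start is None else start
        if ts - start > window_s:              # observation window has elapsed
            break
        verdict, bssid = classify(frame)
        if verdict == "adhoc":
            hits.add(bssid)
    return sorted(hits)

def make_frame(fc, bssid, cap=None):
    """Build a constructed frame: zeroed duration, addresses 1-2 and sequence control."""
    hdr = struct.pack("<HH", fc, 0) + bytes(12) + bytes.fromhex(bssid) + bytes(2)
    return hdr if cap is None else hdr + bytes(8) + struct.pack("<HH", 100, cap)

# Constructed sample capture (not real traffic).
SAMPLE = [
    (0.0, make_frame(0x0080, "aabbccddee01", cap=0x0401)),  # beacon, ESS bit set
    (0.5, make_frame(0x0080, "02aabbccdd02", cap=0x0002)),  # beacon, IBSS bit set
    (1.0, make_frame(0x0108, "aabbccddee01")),              # data frame, ToDS=1
    (9.0, make_frame(0x0080, "02aabbccdd03", cap=0x0002)),  # IBSS beacon at t=9 s
]
```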