Automated method and system for monitoring local area computer networks for unauthorized wireless access
First Claim
1. A method for monitoring a wireless communication space occupied by one or more computer networks, the method comprising:
- monitoring a selected local geographic region using one or more sniffer devices, each of the sniffer devices being spatially disposed within the selected local geographic region, the selected local geographic region being occupied by one or more connection points to a local area computer network;
detecting a wireless activity within the selected local geographic region using at least one of the sniffer devices from the one or more sniffer devices, the wireless activity being derived from at least one authorized device, or at least one unauthorized device, or at least one external device;
receiving at least identity information associated with the wireless activity in a classification process;
labeling the identity information into at least one of a plurality of categories; and
transferring at least an indication associated with the identify information to a prevention process.
2 Assignments
0 Petitions
Accused Products
Abstract
According to an embodiment of the present invention, the wireless activity in a geographic area containing LAN connection ports is monitored using one or more sensor devices, called sniffers. By analyzing said wireless activity, one or more APs that are operating in said geographic area are identified. The active APs so identified are classified into three categories, namely “authorized” APs (those that are allowed by network administrator), “unauthorized” APs (those that are not allowed by the network administrator, but are still connected to the LAN of interest) and “external” APs (those that are not allowed by network administrator but are not connected to the LAN of interest, for example APs connected to the neighbor'"'"'s LAN) by conducting one or more tests. The sniffers continue to monitor the selected geographic area to detect any wireless station attempting to connect to or communicating with the one or more identified unauthorized APs. Upon identifying unauthorized AP and/or intruding wireless station an indication is transferred to the prevention process.
100 Citations
2 Claims
-
1. A method for monitoring a wireless communication space occupied by one or more computer networks, the method comprising:
-
monitoring a selected local geographic region using one or more sniffer devices, each of the sniffer devices being spatially disposed within the selected local geographic region, the selected local geographic region being occupied by one or more connection points to a local area computer network; detecting a wireless activity within the selected local geographic region using at least one of the sniffer devices from the one or more sniffer devices, the wireless activity being derived from at least one authorized device, or at least one unauthorized device, or at least one external device; receiving at least identity information associated with the wireless activity in a classification process; labeling the identity information into at least one of a plurality of categories; and transferring at least an indication associated with the identify information to a prevention process.
-
-
2-50. -50. (canceled)
Specification
-
- Resources
-
Current AssigneeAirtight Networks Incorporated (Arista Networks, Inc.)
-
Original AssigneeAirtight Networks Incorporated (Arista Networks, Inc.)
-
InventorsBhagwat, Pravin, Gogate, Shantanu, King, David C.
-
Application NumberUS12/419,300Publication NumberTime in Patent OfficeDaysField of SearchUS Class Current726/23CPC Class CodesG06F 21/55 Detecting local intrusion o...H04L 43/00 Arrangements for monitoring...H04L 63/1416 Event detection, e.g. attac...H04L 69/16 Implementation or adaptatio...H04L 69/161 Implementation details of T...H04L 69/163 In-band adaptation of TCP d...H04W 12/03 Protecting confidentiality,...H04W 12/069 using certificates or pre-s...H04W 12/088 using filters or firewallsH04W 12/102 Route integrity, e.g. using...H04W 12/122 Counter-measures against at...
