Detecting Rogue Access Points
Abstract
Detecting rogues in a controller-based wireless network impersonating the BSSIDs of known valid access points (APs). Access points (APs) and Air Monitors (AMs, receive-only devices) periodically build RF-neighbor lists by collecting the BSSIDs of all the access points they can receive. These lists are then sent to the host controller. The host controller compares the new RF-neighbor list against the old RF-neighbor list. An otherwise valid BSSID appearing on a RF-neighbor list where it has not appeared before is flagged as a potential rogue.
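The controller-side comparison described in the abstract, as an added example that is not taken from the patent or from any product. The names Controller, report and normalize_bssid, the sensor ID, and all BSSIDs are constructed for illustration; treating a sensor's first list as a baseline only is an assumption.

```python
import re

_MAC = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

def normalize_bssid(raw):
    """Canonicalize a BSSID to lower-case, colon-separated hex."""
    b = raw.strip().lower().replace("-", ":")
    if not _MAC.match(b):
        raise ValueError(f"malformed BSSID: {raw!r}")
    return b

class Controller:
    def __init__(self, valid_bssids):
        # BSSIDs of the known valid APs (hypothetical inventory).
        self.valid = {normalize_bssid(b) for b in valid_bssids}
        self.last = {}  # sensor id -> last RF-neighbor list received

    def report(self, sensor_id, rf_neighbors):
        """Ingest one RF-neighbor list; return [(bssid, reason)] flagged."""
        current = {normalize_bssid(b) for b in rf_neighbors}
        previous = self.last.get(sensor_id)
        self.last[sensor_id] = current
        if previous is None:
            # Assumption: with no earlier list from this AP/AM there is
            # nothing to compare against, so the first list is a baseline.
            return []
        flagged = []
        for bssid in sorted(current - previous):
            # A valid BSSID newly heard by this sensor is the impersonation
            # case the abstract describes; others are simply new.
            reason = ("valid BSSID heard at a new location"
                      if bssid in self.valid else "new unknown BSSID")
            flagged.append((bssid, reason))
        return flagged

def demo():
    # Constructed sample data: three managed APs, one reporting sensor.
    ctl = Controller(["00:1A:1E:00:00:01", "00:1a:1e:00:00:02",
                      "00:1a:1e:00:00:03"])
    return [
        ctl.report("ap-east", ["00:1a:1e:00:00:02"]),   # baseline
        ctl.report("ap-east", ["00-1A-1E-00-00-02"]),   # same list, other case
        ctl.report("ap-east", ["00:1a:1e:00:00:02", "00:1a:1e:00:00:03",
                               "02:00:00:aa:bb:cc"]),   # two new BSSIDs
    ]

if __name__ == "__main__":
    for flagged in demo():
        print(flagged)
```

Each flag is only a potential rogue: a BSSID can also newly appear because of a channel change or a change in RF conditions, so flagged entries need follow-up before any containment action.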
5 Claims
1. In a wireless digital network having a plurality of access points (AP) and/or air monitors (AM) connected to a controller, the method of detecting potential rogue wireless devices comprising:
at each AP or AM, building a RF-neighbor list of all the BSSIDs that AP or AM can receive, transferring the RF-neighbor list to the controller, comparing, at the controller, the RF-neighbor list transferred from an AP or AM to the last RF-neighbor list transferred to the controller from that AP or AM, and flagging as a potential rogue any BSSID present in the RF-neighbor list transferred from the AP or AM that is not present in the last RF-neighbor list transferred to the controller from that AP or AM.
5. A machine readable medium having a set of instructions stored in nontransitory form therein, which when executed on devices connected to a network cause a set of operations to be performed comprising:
building a RF-neighbor list of all BSSIDs received by an access point or air monitor connected to the network, transferring the RF-neighbor list from the access point or air monitor to the controller hosting the access point or air monitor, comparing, at the controller, the RF-neighbor list from the access point or air monitor with the last RF-neighbor list transferred to the controller from that access point or air monitor, and flagging as a potential rogue any BSSID present in the RF-neighbor list transferred from the access point or air monitor that is not present in the last RF-neighbor list transferred to the controller from that access point or air monitor.
Specification