AUTOMATED SNIFFER APPARATUS AND METHOD FOR MONITORING COMPUTER SYSTEMS FOR UNAUTHORIZED ACCESS
Abstract
An apparatus for wireless communication including an automated intrusion detection process is provided. The apparatus includes a processing unit. It includes a wireless network interface device and an Ethernet (or like) wired network interface device that are coupled to the processing unit. One or more memories are coupled to the processing unit. A code is directed to performing a process for detection of wireless activity within a selected local geographic region. According to a specific embodiment, the wireless activity is derived from a wireless access point device that is operational about the selected local geographic region. A code is directed to performing a connectivity test using one or more marker packets to determine the connectivity status of the wireless access point device to the network to be protected from intrusion. Depending upon the embodiment, other codes may exist to carry out the functionality described herein.
40 Claims
1-20. (canceled)
21. A method for monitoring for unauthorized wireless access to computer networks, the method comprising:
monitoring wireless communications within a selected geographic region using one or more sniffer devices that are positioned within the selected geographic region, the selected geographic region including a wired portion of a computer network, the wired portion to be protected from unauthorized wireless access over any unauthorized wireless access point device connected to the wired portion;

detecting an active wireless access point device that transmits wireless signals within the selected geographic region;

transferring a plurality of marker packets into the wired portion of the computer network, the plurality of marker packets being adapted to be transferred to wireless medium from the wired portion of the computer network through one or more wireless access point devices which are connected to the wired portion of the computer network and which are configured to function as layer two bridges between their wired and wireless interfaces, the plurality of marker packets having a predetermined format, at least a subset of the one or more sniffer devices being configured to be able to identify at least a portion of the predetermined format, the transferring being actively transferring at least for a process of detection of unauthorized wireless access to the wired portion of the computer network;

processing using at least one of the at least the subset of the one or more sniffer devices at least a portion of the monitored wireless communications within the selected geographic region, the processing being directed to at least identifying at least one of the plurality of marker packets being transferred from the wired portion of the computer network to the wireless medium within the selected geographic region through the active wireless access point device, the processing including identifying the at least the portion of the predetermined format within one or more packets included in the at least the portion of the monitored wireless communications;

determining that the active wireless access point device is connected to the wired portion of the computer network, based at least upon the at least one of the plurality of marker packets being identified as transferred from the wired portion of the computer network to the wireless medium within the selected geographic region through the active wireless access point device; and

generating an indication of unauthorized wireless access to the wired portion of the computer network, based at least upon the determining that the active wireless access point device is connected to the wired portion of the computer network.

Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30, 31
32. An apparatus for monitoring for unauthorized wireless access to computer networks, the apparatus comprising:
a wired network interface for coupling the apparatus to a wired portion of a computer network, the wired portion to be protected from unauthorized wireless access over any unauthorized wireless access point device connected to the wired portion;

a first portion of computer memory coupled to the wired network interface, the first portion of computer memory including computer code for transferring one or more marker packets into the wired portion of the computer network using the wired network interface, the one or more marker packets being adapted to be transferred to wireless medium from the wired portion of the computer network through one or more wireless access point devices which are connected to the wired portion of the computer network and which are configured to function as layer two bridges between their wired and wireless interfaces, a predetermined format being associated with the one or more marker packets, the transferring being actively transferring at least for a process of detection of unauthorized wireless access to the wired portion of the computer network;

a wireless network interface for receiving wireless communication activity;

a second portion of computer memory coupled to the wireless network interface, the second portion of computer memory including computer code for processing at least a portion of the wireless communication activity received using the wireless network interface to identify at least one marker packet from the one or more marker packets that is transferred to the wireless medium from the wired portion of the computer network through a first wireless access point device;

a third portion of computer memory including computer code for determining that the first wireless access point device is connected to the wired portion of the computer network, based at least upon the at least one marker packet being identified as transferred to the wireless medium from the wired portion of the computer network through the first wireless access point device; and

a fourth portion of computer memory including computer code for generating an indication of unauthorized wireless access to the wired portion of the computer network based at least upon the determining that the first wireless access point device is connected to the wired portion of the computer network.

Dependent claims: 33, 34, 35, 36, 37, 38, 39, 40
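The marker-packet connectivity test recited in claims 21 and 32, as an added sketch that is not code from the patent: a marker is built for the wired side, and sniffed frames are checked for it to decide which access points bridge to the protected wire. The `MAGIC` tag, the HMAC-based marker layout, the `Frame` fields, the sample frames and the authorized-BSSID list are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

MAGIC = b"MRKR"                  # assumed tag opening the predetermined format
KEY = b"constructed-demo-key"    # assumed secret shared by injector and sniffers

def make_marker() -> bytes:
    """Marker payload for the wired segment: MAGIC | 8-byte nonce | 8-byte MAC."""
    nonce = os.urandom(8)
    mac = hmac.new(KEY, nonce, hashlib.sha256).digest()[:8]
    return MAGIC + nonce + mac

def is_marker(payload: bytes) -> bool:
    """Sniffer-side check for the predetermined format inside a frame body."""
    i = payload.find(MAGIC)
    if i < 0 or len(payload) < i + 20:
        return False
    nonce, mac = payload[i + 4:i + 12], payload[i + 12:i + 20]
    expected = hmac.new(KEY, nonce, hashlib.sha256).digest()[:8]
    return hmac.compare_digest(mac, expected)   # rejects a forged tag without a valid MAC

@dataclass
class Frame:
    """Minimal view of a sniffed 802.11 data frame (constructed, not a capture)."""
    bssid: str
    from_ds: bool      # True when the AP relays traffic coming from its wired side
    payload: bytes

def classify(frames, authorized):
    """Return (active, wired_connected, alerts) as sets of BSSIDs."""
    active = {f.bssid for f in frames}
    connected = {f.bssid for f in frames if f.from_ds and is_marker(f.payload)}
    return active, connected, connected - set(authorized)

def demo():
    marker = make_marker()
    llc = b"\xaa\xaa\x03"        # leading bytes before the marker in the frame body
    frames = [                   # constructed sample traffic
        Frame("00:11:22:33:44:01", True, llc + marker),          # sanctioned AP bridging
        Frame("00:11:22:33:44:66", True, llc + marker),          # unknown AP bridging
        Frame("00:11:22:33:44:99", True, b"neighbour traffic"),  # active, not on the wire
        Frame("00:11:22:33:44:99", True, MAGIC + b"\x00" * 16),  # tag present, MAC invalid
    ]
    return classify(frames, authorized={"00:11:22:33:44:01"})
```

`demo()` reports three active access points, two of them connected to the wired portion, and raises an indication only for the one missing from the assumed authorized list.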
Specification