Spoofing Detection
9 Assignments
0 Petitions
Accused Products
Abstract
A wireless access device in a wireless network, whether a known or unknown entity, can be located using a geolocation system according to the present invention. A signal strength is determined by a wireless intrusion detection system (WIDS) node in a wireless network for each wireless access device that it detects. Based on the signal strength, an approximate distance from the node is determined, which, in one embodiment corresponds to a radius of a circle around the node. To account for error, an approximation band of the circle is calculated that will allow a user to determine the approximate location of the device within the wireless network.
-
Citations
32 Claims
-
1-10. -10. (canceled)
-
11. A method comprising:
-
determining a location of a wireless access device; comparing said location of said wireless access device to policy elements applicable to said wireless access device; and creating an alert if said wireless access device violates more than a threshold number of said policy elements. - View Dependent Claims (12, 13, 14)
-
-
15-19. -19. (canceled)
-
20. A method to detect spoofing, the method comprising:
-
determining a first location of a wireless access device having an identifier at a first time; associating the first location with the wireless access device; determining a second location of the wireless access device at a second time; comparing the first location and the second location to determine whether the first location and the second location are within a possible distance of one another for the wireless access device to travel between the first and second times; and sending an alert in response to determining that the first location and the second location are outside of the possible distance. - View Dependent Claims (21, 22, 23, 24)
-
-
25. A method to detect spoofing with a collector device in connection with a plurality of nodes, the method comprising:
-
receiving a first state of a wireless access device and a first communication device to which the wireless access device is communicating over a particular network at a first time at a particular node of the plurality of nodes; receiving or generating a first event for the wireless access device identifying the first state and the first communication device; receiving a second state of the wireless access device and a second communication device to which the wireless access device is communicating over the particular network at a second time at a particular node of the plurality of nodes; receiving or generating a second event for the wireless access device identifying the second state and the second communication device in response to determining that at least one of; the first state and the second state are different, and the first communication device and the second communication device are different; checking the first and second events with the collector device for activities prohibited by one or more policy elements of the particular network, wherein the collector device is configured with the one or more policy elements; and sending an alert signal in response to determining that the first and second events identify an activity that is prohibited by the one or more policy elements. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32)
-
Specification