WIRELESS ASSOCIATION TABLE DENIAL OF SERVICE PREVENTION

US 20170013447A1
Filed: 07/06/2015
Published: 01/12/2017
Est. Priority Date: 07/06/2015
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

one or more processors; and

a non-transitory computer readable storage medium coupled to the one or more processors, wherein the non-transitory computer readable storage medium includes instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including;

receiving, at a network device, an association request, wherein the association request is related to a wireless client device;

transmitting an association response, wherein the association response includes an association identifier for the wireless client device;

updating an association table with an entry for the wireless client device;

transmitting an association query, wherein receiving the association query at a wireless client device causes the wireless client device to transmit a response to the association query;

monitoring for a response to the association query for a predetermined time period after transmitting the association response;

determining that a response to the association query is not received during the predetermined time period; and

updating the association table to remove the entry for the wireless client device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described herein are systems, devices, techniques and products for managing the dynamic assignment of media access control (MAC) addresses to wireless network devices, such as by identifying a dynamically assigned MAC address before, after, or during a wireless association process and communicating the dynamically assigned MAC address to a wireless network device. Also disclosed are systems, devices, techniques and products for preventing a denial of service attack on a wireless access point'"'"'s association table, such as by requiring devices that associate with a wireless access point to respond to a query from the wireless access point shortly after association.

Citations

48 Claims

1. A system comprising:
- one or more processors; and
  
  a non-transitory computer readable storage medium coupled to the one or more processors, wherein the non-transitory computer readable storage medium includes instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including;
  
  receiving, at a network device, an association request, wherein the association request is related to a wireless client device;
  
  transmitting an association response, wherein the association response includes an association identifier for the wireless client device;
  
  updating an association table with an entry for the wireless client device;
  
  transmitting an association query, wherein receiving the association query at a wireless client device causes the wireless client device to transmit a response to the association query;
  
  monitoring for a response to the association query for a predetermined time period after transmitting the association response;
  
  determining that a response to the association query is not received during the predetermined time period; and
  
  updating the association table to remove the entry for the wireless client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The system of claim 1, wherein the association query includes a null data packet, and wherein the response to the association query includes an acknowledgement packet.
  - 3. The system of claim 1, wherein the association query includes a plurality of null data packets, and wherein the response to the association query includes a plurality of acknowledgement packets.
  - 4. The system of claim 1, wherein the association query includes an Internet Control Message Protocol echo request message, and wherein the response to the association query includes an Internet Control Message Protocol echo reply message.
  - 5. The system of claim 1, wherein the association query includes an identification request message, and wherein the response to the association query includes an wireless client identifier.
  - 6. The system of claim 1, wherein the association query includes a dynamic host configuration protocol (DHCP) offer message, and wherein the response to the association query includes a DHCP request message.
  - 7. The system of claim 1, wherein determining that a response to the association query is not received during the predetermined time period includes determining that only an incomplete response to the association query is received during the predetermined time period.
  - 8. The system of claim 1, wherein the association query includes a request for authentication, and wherein the response to the association query includes an authentication credential.
  - 9. The system of claim 1, wherein the association query includes a request for authentication, wherein the response to the association query includes an authentication credential, and wherein determining that a response to the association query is not received during the predetermined time period includes determining that the wireless client device has not successfully authenticated.
  - 10. The system of claim 1, wherein the operations further include:
    - facilitating authentication of the wireless client device after transmitting new association response.
  - 11. The system of claim 1, wherein the association query and the response to the association query include elements of an IEEE 802.1X authentication process.
  - 12. The system of claim 1, wherein the association query and the response to the association query include elements of an IEEE 802.11i authentication process.
  - 13. The system of claim 1, wherein the operations further include:
    - identifying a media access control (MAC) address included in the association request as different from a hardware MAC address corresponding to the wireless client device.
  - 14. The system of claim 1, wherein the operations further include:
    - identifying a media access control (MAC) address included in the association request as a randomly assigned MAC address.
  - 15. The system of claim 1, wherein the operations further include:
    - identifying a media access control (MAC) address included in the association request as a randomly assigned MAC address.
  - 16. The system of claim 1, wherein the operations further include:
    - identifying a media access control (MAC) address included in the association request as a locally administered MAC address.
  - 17. The system of claim 1, wherein the operations further include:
    - identifying a plurality of association requests related to a same wireless client device, wherein each of the plurality of association requests include different media access control (MAC) addresses; and
      
      discarding additional association requests related to the same wireless client device.
  - 18. The system of claim 17, wherein identifying includes identifying a characteristic related to the plurality of association requests, wherein the characteristic facilitates determining that the plurality of association requests originate from the same wireless client device.

19-23. -23. (canceled)

24. A computer implemented method, comprising:
- receiving, at a network device, an association request, wherein the association request is related to a wireless client device;
  
  transmitting an association response, wherein the association response includes an association identifier for the wireless client device;
  
  updating an association table with an entry for the wireless client device;
  
  transmitting an association query, wherein receiving the association query at a wireless client device causes the wireless client device to transmit a response to the association query;
  
  monitoring for a response to the association query for a predetermined time period after transmitting the association response;
  
  determining that a response to the association query is not received during the predetermined time period; and
  
  updating the association table to remove the entry for the wireless client device.

25-46. -46. (canceled)

47. A non-transitory computer readable medium comprising instructions that, when executed by one or more processors, cause the one or more processors to perform operations including:
- receiving, at a network device, an association request, wherein the association request is related to a wireless client device;
  
  transmitting an association response, wherein the association response includes an association identifier for the wireless client device;
  
  updating an association table with an entry for the wireless client device;
  
  transmitting an association query, wherein receiving the association query at a wireless client device causes the wireless client device to transmit a response to the association query;
  
  monitoring for a response to the association query for a predetermined time period after transmitting the association response;
  
  determining that a response to the association query is not received during the predetermined time period; and
  
  updating the association table to remove the entry for the wireless client device.

48-69. -69. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Aruba Networks Incorporated (Hewlett-Packard Enterprise Company)
Inventors
RAMAN, Gopalakrishna, GANU, Sachin, HARKINS, Daniel, SIRAJ, Mohd

Granted Patent

US 9,674,703 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 61/5038   for local use, e.g. in LAN ...

H04L 61/5061   Pools of addresses

H04L 61/5092   by self-assignment, e.g. pi...

H04L 63/08   for authentication of entit...

H04L 63/101   Access control lists [ACL]

H04L 63/1458   Denial of Service

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/12   Detection or prevention of ...

H04W 12/50   Secure pairing of devices

H04W 12/71   Hardware identity

H04W 48/16   Discovering, processing acc...

H04W 64/006   with additional information...

H04W 8/005   Discovery of network device...

H04W 8/26   Network addressing or numbe...

H04W 84/12   WLAN [Wireless Local Area N...

WIRELESS ASSOCIATION TABLE DENIAL OF SERVICE PREVENTION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

48 Claims

Specification

Solutions

Use Cases

Quick Links

WIRELESS ASSOCIATION TABLE DENIAL OF SERVICE PREVENTION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

48 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links