System and method for wireless LAN dynamic channel change with honeypot trap

US 7,042,852 B2
Filed: 06/03/2002
Issued: 05/09/2006
Est. Priority Date: 05/20/2002
Status: Expired due to Term

First Claim

Patent Images

1. A network security system, the system comprising:

a) a system data store capable of storing network default and configuration data;

b) a wireless transmitter capable of transmitting communications over a wireless computer network;

c) a wireless receiver capable of receiving communications transmitted over the wireless computer network;

d) a system processor comprising one or more processing elements, wherein the system processor is in communication with the system data store, the wireless receiver and the wireless transmitter and wherein the system processor is programmed or adapted to perform the steps comprising of;

i) receiving configuration data associated with an access point potentially compromised by an intruder;

ii) storing in the system data store identification information associated with the access point based on the received configuration data;

iii) communicating with the intruder via the wireless transmitter and receiver as if the intruder were communicating with the access point based upon the stored identification information; and

iv) transmitting a communication comprising a channel change request to the access point wherein the channel change request reroutes authorized traffic to a different communication channel while continuing to communicate with the intruder on an original channel.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network security system includes a system data store capable of storing a variety of data associated with a wireless computer network and communication transmitted thereon, a communication interface supporting wireless communication over the wireless computer network and a system processor. Configuration data associated with an access point on a wireless computer network potentially compromised by an intruder is received. Information contained within and/or derived from the received configuration data is stored. Communication with the intruder is continued by emulating the identification characteristics of the potentially compromised access point. A channel change request is transmitted to the potentially compromised access point to reroute communication between the potentially compromised access point and authorized stations such that communications may continue on a different channel.

Citations

19 Claims

1. A network security system, the system comprising:
- a) a system data store capable of storing network default and configuration data;
  
  b) a wireless transmitter capable of transmitting communications over a wireless computer network;
  
  c) a wireless receiver capable of receiving communications transmitted over the wireless computer network;
  
  d) a system processor comprising one or more processing elements, wherein the system processor is in communication with the system data store, the wireless receiver and the wireless transmitter and wherein the system processor is programmed or adapted to perform the steps comprising of;
  
  i) receiving configuration data associated with an access point potentially compromised by an intruder;
  
  ii) storing in the system data store identification information associated with the access point based on the received configuration data;
  
  iii) communicating with the intruder via the wireless transmitter and receiver as if the intruder were communicating with the access point based upon the stored identification information; and
  
  iv) transmitting a communication comprising a channel change request to the access point wherein the channel change request reroutes authorized traffic to a different communication channel while continuing to communicate with the intruder on an original channel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 16, 17, 18, 19)
- - 2. The system of claim 1, wherein the system processor is further programmed or adapted to perform the step comprising of mapping station identity.
  - 3. The system of claim 1, wherein the system processor is further programmed or adapted to perform the step comprising of mapping station location.
  - 4. The system of claim 1, wherein the system processor is further programmed or adapted to perform the step comprising of monitoring the wireless computer network using the wireless receiver.
  - 5. The system of claim 4, wherein the system processor is further programmed or adapted to perform the step comprising of communicating information derived from monitoring the wireless computer network to an intrusion detection system.
  - 6. The system of claim 5, further comprising a wired communication interface via which the system processor communicates with the intrusion detection system.
  - 7. The system of claim 5, further comprising the intrusion detection system and wherein the system processor is programmed or adapted to receive the configuration data associated with the access point from the intrusion detection system.
  - 8. The system of claim 1, further comprising a wired communication interface via which the system processor communicates with the access point and wherein the system processor is programmed or adapted to transmit the communication comprising the channel change request via the wired communication interface.
  - 9. The system of claim 1, further comprising a wired communication interface via which the system processor communicates with an intrusion detection system and wherein the system processor is programmed or adapted to receive the configuration data associated with the access point from the intrusion detection system via the wired communication interface.
  - 10. The system of claim 1, wherein the system processor is further programmed or adapted to perform the step comprising of requesting the configuration data associated with the access point.
  - 11. The system of claim 10, wherein the system processor is further programmed or adapted to perform the step comprising of receiving an active defense request signal and wherein the system processor requests the configuration data associated with the access point in response to received active defense request signal.
  - 12. The system of claim 10, wherein the system processor is further programmed or adapted to request the configuration data associated with the access point from the access point or from an intrusion detection system.
  - 16. The system of claim 1, wherein the access point has been left intentionally vulnerable so as to attract and trap communications from potential intruders.
  - 17. The system of claim 1, wherein communications sent to the intruder by the processor emulate the identification information associated with the access point.
  - 18. The system of claim 17, wherein the communications include modified data from an internal computer network, the modified data being modified to include false data that gives the appearance of being authentic.
  - 19. The system of claim 1, wherein the channel change request is transmitted over a network to the access point as a result of detecting a possible intruder.

13. A network security method, the method comprising the steps of:
- a) receiving an active defense request signal from an intrusion detection system, wherein the received request signal comprises an access point indicator corresponding to an access point potentially compromised by an intruder;
  
  b) requesting configuration data associated with the access point from the access point or the intrusion detection system;
  
  c) receiving the configuration data associated with the access point;
  
  d) storing identification information associated with the access point based on the received configuration data;
  
  e) communicating with the intruder as if the intruder were communicating with the access point based upon the stored identification information;
  
  f) transmitting a communication comprising a channel change request to the access point wherein the channel change request reroutes authorized traffic to a different communication channel while continuing to communicate with the intruder on an original channel; and
  
  g) identifying a node or location associated with the intruder.
- View Dependent Claims (14)
- - 14. Computer readable storage media storing instructions that upon execution by a system processor causes the system processor to perform the method of claim 13.

15. A network security system, the system comprising:
- a) storing means for receiving and storing configuration information comprising network configuration and default data;
  
  b) wireless receiving means for receiving communications transmitted over the wireless communication network;
  
  c) wireless transmitting means for transmitting communications over the wireless communication network;
  
  d) defense request receiving means for receiving an active defense request signal from an intrusion detection system, wherein the received request signal comprises an access point indicator corresponding to an access point in the wireless computer network potentially compromised by an intruder;
  
  e) honeypot processing means for;
  
  i) requesting configuration data associated with the access point from the access point or the intrusion detection system;
  
  ii) receiving the configuration data associated with the access point;
  
  iii) storing identification information associated with the access point based on the received configuration data;
  
  iv) communicating with the intruder via the wireless receiver means and the wireless transmitter means as if the intruder were communicating with the access point based upon the stored identification information; and
  
  v) transmitting a communication comprising a channel change request to the access point wherein the channel change request reroutes authorized traffic to a different communication channel while continuing to communicate with the intruder on an original channel; and
  
  f) mapping means for identifying a node or location associated with the intruder.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Extreme Networks, Inc.
Original Assignee
AirDefense Incorporated (Motorola Solutions, Inc.)
Inventors
Hrastar, Scott
Primary Examiner(s)
Vu, Huy D.
Assistant Examiner(s)
Davis, Cynthia L.

Application Number

US10/161,440
Publication Number

US 20030219008A1
Time in Patent Office

1,436 Days
Field of Search

709/224, 370/277, 370/310, 370/329, 713/200, 713/201
US Class Current

370/310
CPC Class Codes

H04L 41/06   Management of faults, event...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04L 63/1491   using deception as counterm...

H04W 12/122   Counter-measures against at...

H04W 12/125   Protection against power ex...

H04W 88/08   Access point devices

System and method for wireless LAN dynamic channel change with honeypot trap

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for wireless LAN dynamic channel change with honeypot trap

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links