System and method for wireless LAN dynamic channel change with honeypot trap
Abstract
A network security system includes a system data store capable of storing a variety of data associated with a wireless computer network and communication transmitted thereon, a communication interface supporting wireless communication over the wireless computer network and a system processor. Configuration data associated with an access point on a wireless computer network potentially compromised by an intruder is received. Information contained within and/or derived from the received configuration data is stored. Communication with the intruder is continued by emulating the identification characteristics of the potentially compromised access point. A channel change request is transmitted to the potentially compromised access point to reroute communication between the potentially compromised access point and authorized stations such that communications may continue on a different channel.
19 Claims
1. A network security system, the system comprising:
a) a system data store capable of storing network default and configuration data;
b) a wireless transmitter capable of transmitting communications over a wireless computer network;
c) a wireless receiver capable of receiving communications transmitted over the wireless computer network;
d) a system processor comprising one or more processing elements, wherein the system processor is in communication with the system data store, the wireless receiver and the wireless transmitter and wherein the system processor is programmed or adapted to perform the steps comprising of;
i) receiving configuration data associated with an access point potentially compromised by an intruder;
ii) storing in the system data store identification information associated with the access point based on the received configuration data;
iii) communicating with the intruder via the wireless transmitter and receiver as if the intruder were communicating with the access point based upon the stored identification information; and
iv) transmitting a communication comprising a channel change request to the access point wherein the channel change request reroutes authorized traffic to a different communication channel while continuing to communicate with the intruder on an original channel.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 16, 17, 18, 19
13. A network security method, the method comprising the steps of:
a) receiving an active defense request signal from an intrusion detection system, wherein the received request signal comprises an access point indicator corresponding to an access point potentially compromised by an intruder;
b) requesting configuration data associated with the access point from the access point or the intrusion detection system;
c) receiving the configuration data associated with the access point;
d) storing identification information associated with the access point based on the received configuration data;
e) communicating with the intruder as if the intruder were communicating with the access point based upon the stored identification information;
f) transmitting a communication comprising a channel change request to the access point wherein the channel change request reroutes authorized traffic to a different communication channel while continuing to communicate with the intruder on an original channel; and
g) identifying a node or location associated with the intruder.
Dependent claims: 14
15. A network security system, the system comprising:
a) storing means for receiving and storing configuration information comprising network configuration and default data;
b) wireless receiving means for receiving communications transmitted over the wireless communication network;
c) wireless transmitting means for transmitting communications over the wireless communication network;
d) defense request receiving means for receiving an active defense request signal from an intrusion detection system, wherein the received request signal comprises an access point indicator corresponding to an access point in the wireless computer network potentially compromised by an intruder;
e) honeypot processing means for;
i) requesting configuration data associated with the access point from the access point or the intrusion detection system;
ii) receiving the configuration data associated with the access point;
iii) storing identification information associated with the access point based on the received configuration data;
iv) communicating with the intruder via the wireless receiver means and the wireless transmitter means as if the intruder were communicating with the access point based upon the stored identification information; and
v) transmitting a communication comprising a channel change request to the access point wherein the channel change request reroutes authorized traffic to a different communication channel while continuing to communicate with the intruder on an original channel; and
f) mapping means for identifying a node or location associated with the intruder.
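The sequence of method claim 13, as an added example that is not part of the patent text: an in-memory model with no radio I/O that shows which party answers a frame before and after the channel change. The frame fields, sensor names, the direct retune standing in for the channel change request, and the strongest-signal location heuristic are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class AccessPoint:
    bssid: str
    ssid: str
    channel: int

@dataclass
class Honeypot:
    store: dict = field(default_factory=dict)      # stands in for the system data store
    sightings: dict = field(default_factory=dict)  # source MAC -> {sensor: best RSSI}

    def defend(self, request, ap, new_channel):
        """Steps a-d and f: act on an IDS request naming the suspect access point."""
        if request["ap"] != ap.bssid:
            raise ValueError("request names a different access point")
        # b-d) keep the identity the decoy will answer as on the original channel
        self.store = {"bssid": ap.bssid, "ssid": ap.ssid, "channel": ap.channel}
        # f) assumption: modelled as a direct retune; the claims give no message format
        ap.channel = new_channel

    def owns(self, frame):
        s = self.store
        return bool(s) and (frame["bssid"], frame["channel"]) == (s["bssid"], s["channel"])

    def receive(self, frame):
        """Step e: reply under the stored identity and log where the sender was heard."""
        seen = self.sightings.setdefault(frame["src"], {})
        for sensor, rssi in frame["rssi"].items():
            seen[sensor] = max(rssi, seen.get(sensor, -200))
        return {"from": self.store["bssid"], "ssid": self.store["ssid"], "to": frame["src"]}

    def locate(self, src):
        """Step g (assumed heuristic): the sensor that heard the node loudest."""
        return max(self.sightings[src], key=self.sightings[src].get)

def responder(frame, ap, pot):
    """Return which party answers a frame: the real AP, the decoy, or nobody."""
    if (frame["bssid"], frame["channel"]) == (ap.bssid, ap.channel):
        return "ap"
    return "honeypot" if pot.owns(frame) else None

def demo():
    # Constructed sample data: locally administered MACs, hypothetical sensor names.
    ap, pot = AccessPoint("02:00:00:00:00:01", "corp-wlan", 6), Honeypot()
    pot.defend({"ap": ap.bssid}, ap, new_channel=11)
    staff = {"src": "02:00:00:00:00:aa", "bssid": ap.bssid, "channel": 11, "rssi": {}}
    intruder = {"src": "02:00:00:00:00:ee", "bssid": ap.bssid, "channel": 6,
                "rssi": {"sensor-lobby": -48, "sensor-lab": -71}}
    return (responder(staff, ap, pot), responder(intruder, ap, pot),
            pot.receive(intruder), pot.locate(intruder["src"]))
```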
Specification