Device and method for detecting unauthorized, “rogue” wireless LAN access points

US 7,257,107 B2
Filed: 07/08/2004
Issued: 08/14/2007
Est. Priority Date: 07/15/2003
Status: Active Grant

First Claim

Patent Images

1. A wireless local area network (LAN) monitoring system comprising:

a wired LAN;

a wireless LAN comprising at least one access point connected to said wired LAN for allowing wireless devices to communicate to the wired LAN; and

a wireless LAN monitoring device connected to said wired LAN for receiving wireless LAN radio frequency signals from access points or wireless devices and determining the existence of an unauthorized access point or wireless device within the vicinity of the wired LAN, and comprising;

a low-noise preamplifier that receives wireless LAN radio frequency signals and preamplifies the signals,a network interface that receives the wireless LAN radio frequency signals from the low-noise preamplifier and demodulates the received wireless LAN radio frequency signals into packet communications signals, anda processor operatively connected to said network interface for monitoring and analyzing said packet communications signals for unauthorized access points and wireless devices.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system monitors and detects unauthorized wireless LAN access points and wireless devices. The system includes one or more wireless LAN monitoring devices, which detect and report the presence of unauthorized or “rogue” wireless LAN access points or wireless devices within a predetermined area, for example, within the vicinity of a wired LAN, including indoor and/or outdoor areas. Improved range is achieved through the use of preamplification and sectorized antennas. Larger areas may be covered using additional wireless LAN monitoring devices, which operate independently or cooperate together in the detection process. Geolocation is possible using single or multiple, cooperating monitoring devices. Provision can be made for monitoring devices to provide packet filtering on a wired LAN.

86 Citations

View as Search Results

56 Claims

1. A wireless local area network (LAN) monitoring system comprising:
- a wired LAN;
  
  a wireless LAN comprising at least one access point connected to said wired LAN for allowing wireless devices to communicate to the wired LAN; and
  
  a wireless LAN monitoring device connected to said wired LAN for receiving wireless LAN radio frequency signals from access points or wireless devices and determining the existence of an unauthorized access point or wireless device within the vicinity of the wired LAN, and comprising;
  
  a low-noise preamplifier that receives wireless LAN radio frequency signals and preamplifies the signals,a network interface that receives the wireless LAN radio frequency signals from the low-noise preamplifier and demodulates the received wireless LAN radio frequency signals into packet communications signals, anda processor operatively connected to said network interface for monitoring and analyzing said packet communications signals for unauthorized access points and wireless devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. A wireless local area network (LAN) monitoring system according to claim 1, wherein said wireless LAN monitoring device comprises a communications port operatively connected to said processor and said wired LAN for transmitting on the wired LAN data regarding the results of any monitoring and analysis of the packet signals onto the wired LAN.
  - 3. A wireless local area network (LAN) monitoring system according to claim 2, wherein said communications port comprises an Ethernet port.
  - 4. A wireless local area network (LAN) monitoring system according to claim 2, and further comprising a second communications port through which packet communications signals are received for processing by said processor.
  - 5. A wireless local area network (LAN) monitoring system according to claim 4, wherein said second communications port comprises an Ethernet port.
  - 6. A wireless local area network (LAN) monitoring system according to claim 1, wherein said wired LAN comprises a server that receives data regarding the results of any monitoring and analysis of the packet signals for further processing.
  - 7. A wireless local area network (LAN) monitoring system according to claim 6, wherein said server comprises a database that stores media access control (MAC) or other network addresses of authorized access points and wireless devices which can be compared with any MAC or other network address of a monitored access point or wireless device.
  - 8. A wireless local area network (LAN) monitoring system according to claim 1, and further comprising an antenna connected to said low-noise preamplifier.
  - 9. A wireless local area network (LAN) monitoring system according to claim 8, wherein said antenna comprises a multi-sectored antenna, electrically or mechanically steerable beam antenna, or phased array antenna.
  - 10. A wireless local area network (LAN) monitoring system according to claim 8, wherein said wireless LAN monitoring device further comprises a second antenna for permitting antenna diversity or geolocation capabilities.
  - 11. A wireless local area network (LAN) monitoring system according to claim 10, wherein said second antenna comprises an omni-directional antenna.
  - 12. A wireless local area network (LAN) monitoring system according to claim 1, wherein said network interface comprises an integrated preamplifier operatively connected to said preamplifier.
  - 13. A wireless local area network (LAN) monitoring system according to claim 1, wherein said network interface comprises an 802.11 network interface.

14. A wireless local area network (LAN) monitoring system comprising:
- a wired LAN;
  
  a wireless LAN comprising at least one access point connected to said wired LAN for allowing wireless devices to communicate to the wired LAN; and
  
  a wireless LAN monitoring device connected to said wired LAN for receiving wireless LAN radio frequency signals from access points or wireless devices and determining the existence of an unauthorized access point or wireless device within the vicinity of the wired LAN, and comprising;
  
  a multi-sector antenna or phased array antenna that receives wireless LAN radio frequency signals,a network interface that receives the wireless LAN radio frequency signals from the antenna and demodulates the received radio frequency signals into packet communications signals; and
  
  a processor operatively connected to said network interface for monitoring and analyzing said packet communications signals for unauthorized access points and wireless devices.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. A wireless local area network (LAN) monitoring system according to claim 14, and further comprising a preamplifier operatively connected to said antenna and network interface for preamplifying said wireless LAN radio frequency signals before demodulation.
  - 16. A wireless local area network (LAN) monitoring system according to claim 15, wherein said wireless LAN monitoring device further comprises a second antenna for permitting antenna diversity or geolocation capabilities.
  - 17. A wireless local area network (LAN) monitoring system according to claim 16, wherein said preamplifier comprises a two-way RF switch and multiplexer circuit operatively connected to said first and second antennae for carrying antenna control signals to at least said multi-sector or phased array or second antenna.
  - 18. A wireless local area network (LAN) monitoring system according to claim 16, wherein said second antenna comprises an omni-directional antenna.
  - 19. A wireless local area network (LAN) monitoring system according to claim 15, wherein said network interface comprises an integrated preamplifier operatively connected to said preamplifier.
  - 20. A wireless local area network (LAN) monitoring system according to claim 14, wherein said network interface comprises an 802.11 network interface.
  - 21. A wireless local area network (LAN) monitoring system according to claim 14, wherein said wireless LAN monitoring device comprises a communications port operatively connected to said processor and said wired LAN for transmitting on the wired LAN data regarding the results of any monitoring and analysis of the packet signals onto the wired LAN.
  - 22. A wireless local area network (LAN) monitoring system according to claim 21, wherein said communications port comprises an Ethernet port.
  - 23. A wireless local area network (LAN) monitoring system according to claim 21, and further comprising a second communications port through which packet communications signals are received for processing by said processor.
  - 24. A wireless local area network (LAN) monitoring system according to claim 23, wherein said second communications port comprises an Ethernet port.
  - 25. A wireless local area network (LAN) monitoring system according to claim 23, wherein said wired LAN comprises a server that receives data regarding the results of any monitoring and analysis of the packet signals for further processing.
  - 26. A wireless local area network (LAN) monitoring system according to claim 25, wherein said server comprises a database that stores media access control (MAC) or other network addresses of authorized access points and wireless devices which can be compared with any MAC or other network address of a monitored access point or wireless device.

27. A wireless local area network (LAN) monitoring device for determining the existence of an unauthorized access point or wireless device comprising:
- a low-noise preamplifier that receives wireless LAN radio frequency signals from access points or wireless devices and preamplifies the signals;
  
  a network interface that receives the wireless LAN radio frequency signals from the low-noise preamplifier and demodulates the received wireless LAN radio frequency signals into packet communications signals; and
  
  a processor operatively connected to said network interface for monitoring and analyzing said packet communications signals for unauthorized access points and wireless devices.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
- - 28. A wireless local area network (LAN) monitoring device according to claim 27, and further comprising a communications port operatively connected to said processor through which data is transmitted onto a wired LAN connected thereto.
  - 29. A wireless local area network (LAN) monitoring device according to claim 28, and further comprising a second communications port through which packet communications signals are received for processing by said processor.
  - 30. A wireless local area network (LAN) monitoring device according to claim 29, wherein said second communications port comprises an Ethernet port.
  - 31. A wireless local area network (LAN) monitoring device according to claim 27, wherein said communications port comprises an Ethernet port.
  - 32. A wireless local area network (LAN) monitoring device according to claim 27, and further comprising an antenna connected to said low-noise preamplifier.
  - 33. A wireless local area network (LAN) monitoring device according to claim 32, wherein said antenna comprises a multi-sectored antenna, electrically or mechanically steerable beam antenna, or phased array antenna.
  - 34. A wireless local area network (LAN) monitoring device according to claim 32, and further comprising a second antenna for permitting antenna diversity or geolocation capabilities.
  - 35. A wireless local area network (LAN) monitoring device according to claim 34, wherein said second antenna comprises an omni-directional antenna.
  - 36. A wireless local area network (LAN) monitoring device according to claim 34, and further comprising a communications port operatively connected to said processor through which data is transmitted onto a wired LAN connected thereto.
  - 37. A wireless local area network (LAN) monitoring device according to claim 36, wherein said communications port comprises an Ethernet port.
  - 38. A wireless local area network (LAN) monitoring device according to claim 36, and further comprising a second communications port through which packet communications signals are received for processing by said processor.
  - 39. A wireless local area network (LAN) monitoring device according to claim 38, wherein said second communications port comprises an Ethernet port.
  - 40. A wireless local area network (LAN) monitoring device according to claim 27, wherein said network interface comprises an integrated preamplifier operatively connected to said preamplifier.
  - 41. A wireless local area network (LAN) monitoring device according to claim 27, wherein said network interface comprises an 802.11 network interface.

42. A wireless local area network (LAN) monitoring device for determining the existence of an unauthorized access point or wireless device comprising:
- a multi-sector or phased array antenna that receives wireless LAN radio frequency signals from access points or wireless devices;
  
  a network interface that receives the wireless LAN radio frequency signals from the multi-sector or phased array antenna and demodulates the received radio frequency signals into packet communications signals; and
  
  a processor operatively connected to said networkinterface for monitoring and analyzing said packet communications signals for unauthorized access points and wireless devices.
- View Dependent Claims (43, 44, 45, 46, 47, 48)
- - 43. A wireless local area network (LAN) monitoring device according to claim 42, and further comprising a preamplifier operatively connected to said antenna and network interface for preamplifying said wireless LAN radio frequency signals before demodulation.
  - 44. A wireless local area network (LAN) monitoring device according to claim 42, and further comprising a second antenna for permitting antenna diversity or geolocation capabilities.
  - 45. A wireless local area network (LAN) monitoring device according to claim 42, wherein said preamplifier comprises a two-way RF switch and multiplexer circuit operatively connected to said first and second antennae for carrying antenna control signals.
  - 46. A wireless local area network (LAN) monitoring device according to claim 44, wherein said second antenna comprises an omni-directional antenna.
  - 47. A wireless local area network (LAN) monitoring device according to claim 42, wherein said network interface comprises an integrated preamplifier operatively connected to said preamplifier.
  - 48. A wireless local area network (LAN) monitoring device according to claim 42, wherein said network interface comprises an 802.11 network interface.

49. A method for monitoring a wireless local area network (LAN) for unauthorized access points or wireless devices, which comprises receiving wireless LAN radio frequency signals within a low-noise preamplifier from an access point or wireless device;
- demodulating the wireless LAN radio frequency signals into packet communications signals within a network interface; and
  
  monitoring and analyzing the packet communications signals within a processor for unauthorized access points and wireless devices.
- View Dependent Claims (50, 51, 52, 53, 54, 55, 56)
- - 50. A method according to claim 49, which further comprises interfacing the packet communications signal with a wired LAN.
  - 51. A method according to claim 50, which further comprises interfacing the packet communications signal with a wired LAN through an Ethernet port.
  - 52. A method according to claim 49, which further comprises receiving packet communications signals through a second communications port.
  - 53. A method according to claim 49, which further comprises receiving data related to the monitoring and analyzing of the packet communications signals within a server or computer for further processing.
  - 54. A method according to claim 53, which further comprises storing media access control (MAC) or other network addresses of authorized access points and wireless devices and comparing the MAC or other network address of the monitored access point or wireless device with the stored addresses for determining if a monitored access point or wireless device is authorized.
  - 55. A method according to claim 49, which further comprises receiving wireless LAN radio frequency signals through a second antenna.
  - 56. A method according to claim 55, which further comprises performing antenna diversity and geolocation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Highway Technologies Incorporated (HTS Acquisition Incorporated)
Inventors
Highsmith, William R., Gerhardt, Edward C., Swier, Richard M. Jr.
Primary Examiner(s)
ZEWDU, MELESS NMN

Application Number

US10/887,321
Publication Number

US 20050030929A1
Time in Patent Office

1,132 Days
Field of Search

37039552-39553, 370312-313, 370/310, 370/328, 370/338, 370/349, 370/410, 455410-411, 455/422.1, 455423-425, 455/426.2, 455/435.1, 455457-458, 455/466, 455/41.2, 455/524
US Class Current

370/338
CPC Class Codes

H04L 63/10   for controlling access to d...

H04L 63/1416   Event detection, e.g. attac...

H04W 12/088   using filters or firewalls

H04W 12/122   Counter-measures against at...

H04W 24/00   Supervisory, monitoring or ...

H04W 84/12   WLAN [Wireless Local Area N...

Device and method for detecting unauthorized, “rogue” wireless LAN access points

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

86 Citations

56 Claims

Specification

Use Cases

Quick Links

Others

Device and method for detecting unauthorized, “rogue” wireless LAN access points

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

86 Citations

56 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others