Method, apparatus, and software product for detecting rogue access points in a wireless network
First Claim
1. A method comprising:
- a central management entity managing managed access points (APs) of a wireless network, including carrying out one or both of power control and frequency selection to configure one or more configuration parameters of the managed access point;
maintaining an AP database that includes information about managed APs and friendly APs of the wireless network, including for each managed AP in the AP database, the service set identifier of the managed AP and one or more of the configuration parameters;
sending a scan request to one or more managed APs of the wireless network, the scan request including a request for the receiving managed AP to scan for beacons and probe responses; and
receiving reports from at least one of the receiving managed APs about beacons or probe responses from any potential rogue AP, including, for each potential rogue AP from which a beacon or probe response was received, detection information, and information on the beacon or probe response received sent by the potential rogue AP,wherein the detection information includes the service set identifier of the potential rogue AP, and at least one further item of information, andwherein the information on the received beacon or probe response includes at least the service set identifier in the beacon or probe response, and one or more configuration parameters; and
for each beacon or probe response from a potential rogue AP on which information is received, ascertaining if the potential rogue AP is a managed AP, including;
ascertaining if there is a match for the service set identifier of the potential rogue AP in the AP database, and if there is a match for one or more configuration parameters of the potential rogue AP in the AP database in addition to the service set identifier of the potential rogue AP,such that at least a plurality of parameters are matched in the AP database to ascertain whether a potential rogue AP is a managed AP.
1 Assignment
0 Petitions
Accused Products
Abstract
A method, an apparatus, and a software program to implement a method to detect a rogue access point of a wireless network. The method includes maintaining an AP database that includes information about managed access point (APs) and friendly APs, including the MAC address of each managed AP. The method further includes sending a scan request to one or more managed APs, including one or more of a request for the receiving managed AP to scan for beacons and probe responses and a request for the receiving managed AP to request its clients to scan for beacons and probe responses. The method further includes receiving reports from at least one of the receiving managed APs, a report including information on any beacon or probe response received that was sent by an AP. For each beacon or probe response on which information is received, the method analyzes the information received in the report about the AP that sent the beacon or probe response, the analyzing including ascertaining if the MAC address of the AP that sent the beacon or probe response matches a MAC address of an AP in the AP database to ascertain whether or not the AP is a potential rogue AP or a managed or friendly AP.
-
Citations
36 Claims
-
1. A method comprising:
-
a central management entity managing managed access points (APs) of a wireless network, including carrying out one or both of power control and frequency selection to configure one or more configuration parameters of the managed access point; maintaining an AP database that includes information about managed APs and friendly APs of the wireless network, including for each managed AP in the AP database, the service set identifier of the managed AP and one or more of the configuration parameters; sending a scan request to one or more managed APs of the wireless network, the scan request including a request for the receiving managed AP to scan for beacons and probe responses; and receiving reports from at least one of the receiving managed APs about beacons or probe responses from any potential rogue AP, including, for each potential rogue AP from which a beacon or probe response was received, detection information, and information on the beacon or probe response received sent by the potential rogue AP, wherein the detection information includes the service set identifier of the potential rogue AP, and at least one further item of information, and wherein the information on the received beacon or probe response includes at least the service set identifier in the beacon or probe response, and one or more configuration parameters; and for each beacon or probe response from a potential rogue AP on which information is received, ascertaining if the potential rogue AP is a managed AP, including; ascertaining if there is a match for the service set identifier of the potential rogue AP in the AP database, and if there is a match for one or more configuration parameters of the potential rogue AP in the AP database in addition to the service set identifier of the potential rogue AP, such that at least a plurality of parameters are matched in the AP database to ascertain whether a potential rogue AP is a managed AP. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 28, 29, 30)
-
-
16. A method comprising:
-
receiving a scan request at an access point (AP) of a wireless network to scan for beacons and probe responses, the request received from a management entity coupled to a WLAN manager managing a set of managed APs, the managing of the managed APs including carrying out one or both of power control and frequency selection to configure one or more configuration parameters of the managed APs and maintaining an AP database that contains information about managed APs and friendly APs of the wireless network, the information in the AP database including for each managed AP in the AP database, the service set identifier of the managed AP and one or more of the configuration parameters; listening for beacons and probe responses at the AP receiving the scan; and sending a scan report to the WLAN manager including information on any beacon or probe response received from a potential rogue AP by the AP receiving the scan request, the information including, for each potential rogue AP from which a beacon or probe response was received, detection information, and information on the beacon or probe response from the potential rogue AP, wherein the detection information includes the service set identifier of the potential rogue AP, and at least one further item of information, and wherein the information on the received beacon or probe response includes at least the service set identifier in the beacon or probe response, and one or more configuration parameters, such that for each beacon or probe response from a potential rogue AP on which information is received at the WLAN manager, ascertaining if the potential rogue AP is a managed AP, including; ascertaining if there is a match for the service set identifier of the potential rogue AP in the AP database, and if there is a match for one or more configuration parameters of the potential rogue AP in the AP database in addition to the service set identifier of the potential rogue AP, such that at least a plurality of parameters are matched in the AP database to ascertain whether a potential rogue AP is a managed AP. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 31, 32, 33)
-
-
24. A computer-readable medium encoded with computer readable instructions that when executed cause one or more processors of a processing system to execute a method comprising:
-
managing managed access points (APs) of a wireless network, including carrying out one or both of power control and frequency selection to configure one or more configuration parameters of each managed access point; maintaining an AP database that includes information about managed APs and friendly APs of the wireless network, including for each managed AP in the AP database, the service set identifier of the managed AP and one or more of the configuration parameters; sending a scan request to one or more managed APs of the wireless network, the scan request including a request for the receiving managed AP to scan for beacons and probe responses; and receiving reports from at least one of the receiving managed APs about beacons or probe responses from any potential rogue AP, including, for each potential rogue AP from which a beacon or probe response was received, detection information, and information on the beacon or probe response received sent by the potential rogue AP, wherein the detection information includes the service set identifier of the potential rogue AP, and at least one further item of information, and wherein the information on the received beacon or probe response includes at least the service set identifier in the beacon or probe response, and one or more configuration parameters; and for each beacon or probe response from a potential rogue AP on which information is received, ascertaining if the potential rogue AP is a managed AP, including; ascertaining if there is a match for the service set identifier of the potential rogue AP in the AP database, and if there is a match for one or more configuration parameters of the potential rogue AP in the AP database in addition to the service set identifier of the potential rogue AP, such that at least a plurality of parameters are matched in the AP database to ascertain whether a potential rogue AP is a managed AP. - View Dependent Claims (34, 35, 36)
-
-
25. A computer-readable medium encoded with computer readable instructions to instruct one or more processors of a processing system to execute a method at an access point (AP) of a wireless network comprising:
-
receiving a scan request to scan for beacons and probe responses, the request received from a management entity coupled to a WLAN manager managing a set of managed APs, the managing of the managed APs including carrying out one or both of power control and frequency selection to configure one or more configuration parameters of the managed APs and maintaining an AP database that contains information about the managed APs and friendly APs of the wireless network, the information in the AP database including for each managed AP in the AP database, the service set identifier of the managed AP and one or more of the configuration parameters; listening for beacons and probe responses at the AP receiving the scan request; and sending a scan report to the WLAN manager including information on any beacon or probe response received from a potential rogue AP by the AP receiving the scan request, the information including, for each potential rogue AP from which a beacon or probe response was received, detection information, and information on the beacon or probe response from the potential rogue AP, wherein the detection information includes the service set identifier of the potential rogue AP, and at least one further item of information, and wherein the information on the received beacon or probe response includes at least the service set identifier in the beacon or probe response, and one or more configuration parameters, such that for each beacon or probe response from a potential rogue AP on which information is received at the WLAN manager, ascertaining if the potential rogue AP is a managed AP, including; ascertaining if there is a match for the service set identifier of the potential rogue AP in the AP database, and if there is a match for one or more configuration parameters of the potential rogue AP in the AP database in addition to the service set identifier of the potential rogue AP such that at least a plurality of parameters are matched in the AP database to ascertain whether a potential rogue AP is a managed AP.
-
-
26. An apparatus comprising:
-
a processing system including a memory and a network interface to couple the apparatus to a network, the network including a set of managed access points (APs) of a wireless network; and a tangible medium storing an AP database coupled to the processing system and containing information about the managed APs and friendly APs of the wireless network, including information related to how each managed AP in the AP database is configured, wherein the processing system is programmed to; manage the managed APs, including carrying out one or both of power control and frequency selection to configure one or more configuration parameters of each managed access point; maintain the AP database that includes information about the managed APs, including for each managed AP, the service set identifier of the managed AP and one or more of the configuration parameters; send a scan request to one or more managed APs of the wireless network, the scan request being for the receiving managed AP to scan for beacons and probe responses; and receive reports from at least one of the receiving managed APs about beacons or probe responses from any potential rogue AP, including, for each potential rogue AP from which a beacon or probe response was received, detection information, and information on the beacon or probe response received sent by the potential rogue AP, wherein the detection information includes the service set identifier of the potential rogue AP, and at least one further item of information, and wherein the information on the received beacon or probe response includes at least the service set identifier in the beacon or probe response, and one or more configuration parameters; and for each beacon or probe response from a potential rogue AP on which information is received, ascertaining if the potential rogue AP is a managed AP, including; ascertaining if there is a match for the service set identifier of the potential rogue AP in the AP database, and if there is a match for one or more configuration parameters of the potential rogue AP in the AP database in addition to the service set identifier of the potential rogue AP, such that at least a plurality of parameters are matched in the AP database to ascertain whether a potential rogue AP is a managed AP.
-
-
27. An access point (AP) for a wireless network, the access point comprising:
-
a processing system including a memory; a network interface to couple the access point to a network; a wireless transceiver coupled to the processing system to implement the PHY of a wireless station; the processing system including a MAC processor and programmed to; receive a scan request to scan for beacons and probe responses, the request received via the network interface from a management entity coupled to a WLAN manager coupled to the network and managing a set of managed, the managing including carrying out one or both of power control and frequency selection to configure one or more configuration parameters of managed APs and maintaining an AP database that contains information about managed APs and friendly APs of the wireless network, including for each managed AP in the AP database, the service set identifier of the managed AP, and one or more of the configuration parameters; and send a scan report to the WLAN manager via the network interface, including information on any beacon or probe response received from a potential rogue AP, the scan report including for each potential rogue AP beacon or probe response was received, detection information, and information on the beacon or probe response from the potential rogue AP, wherein the detection information includes the service set identifier of the potential rogue AP, and at least one further item of information, and wherein the information on the received beacon or probe response includes at least the service set identifier in the beacon or probe response, and one or more configuration parameters, such that for each beacon or probe response on which information is received at the WLAN manager, analyzing the information received in the report about the potential rogue AP that sent the beacon or probe response includes, in order to ascertain if the potential rogue AP is a managed AP; (a) ascertaining if there is a match for the service set identifier of the potential rogue AP in the AP database, and (b) ascertaining if there is a match for one or more configuration parameters of the potential rogue AP in the AP database in addition to the service set identifier of the potential rogue AP, such that at least a plurality of parameters are matched in the AP database to ascertain whether a potential rogue AP is a managed AP.
-
Specification