Method and system for disrupting undesirable wireless communication of devices in computer networks

US 7,333,481 B1
Filed: 01/11/2006
Issued: 02/19/2008
Est. Priority Date: 10/11/2005
Status: Active Grant

First Claim

Patent Images

1. An apparatus for detecting undesirable wireless transmissions from one or more wireless devices, the apparatus comprising:

a processing module, the processing module including a micro processing device coupled to one or more memory devices;

a detection module coupled to the processing module, the detection module including a wireless communication receiving interface to detect wireless communication between at least two wireless devices, the two wireless devices including a first wireless device and a second wireless device, the detection module being configured to detect at least an access point hopping or at least a channel hopping associated with the wireless communication between the two wireless devices;

a receiver module coupled to the processing module, the receiver module including a messaging interface to receive information about the wireless communication between the two wireless devices from the detection module, the information including an IP address of at least one intended recipient of data transfer that occurs using the wireless communication between the two wireless devices; and

a redirection module coupled to the processing module, the redirection module including a wireless communication transmitting interface to transfer one or more messages to at least one of the two wireless devices to cause a change to a MAC address identity indicated as corresponding to the IP address of the at least one intended recipient of the data transfer in one or more memories coupled to the at least one wireless device to redirect the data transfer to cause disruption to the data transfer.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for disrupting unauthorized communications between at least two communication devices is provided. The method comprises using an address resolution protocol (ARP) to redirect transfer of data that occurs using unauthorized wireless communication between a first wireless device and a second wireless device. In a preferred embodiment, the method maintains a layer two wireless link while the data are being redirected.

29 Citations

View as Search Results

31 Claims

1. An apparatus for detecting undesirable wireless transmissions from one or more wireless devices, the apparatus comprising:
- a processing module, the processing module including a micro processing device coupled to one or more memory devices;
  
  a detection module coupled to the processing module, the detection module including a wireless communication receiving interface to detect wireless communication between at least two wireless devices, the two wireless devices including a first wireless device and a second wireless device, the detection module being configured to detect at least an access point hopping or at least a channel hopping associated with the wireless communication between the two wireless devices;
  
  a receiver module coupled to the processing module, the receiver module including a messaging interface to receive information about the wireless communication between the two wireless devices from the detection module, the information including an IP address of at least one intended recipient of data transfer that occurs using the wireless communication between the two wireless devices; and
  
  a redirection module coupled to the processing module, the redirection module including a wireless communication transmitting interface to transfer one or more messages to at least one of the two wireless devices to cause a change to a MAC address identity indicated as corresponding to the IP address of the at least one intended recipient of the data transfer in one or more memories coupled to the at least one wireless device to redirect the data transfer to cause disruption to the data transfer.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 wherein the detection module, the receiver module and the redirection module are all provided in a sniffer device.
  - 3. The method of claim 1 wherein the detection module is provided in a first sniffer device and the receiver module and the redirection module are provided in a second sniffer device, the first and the second sniffer devices being different from each other.
  - 4. The method of claim 1 wherein a first portion of the detection module related to detecting the undesirable wireless communication is provided in a sniffer device and a second portion of the detection module related to detecting at least the access point hopping or at least the channel hopping associated with the undesirable wireless communication is provided in a server device, the server device being coupled to the sniffer device over a computer network.

5. A method for disrupting data transfer that occurs over wireless communications between a first wireless device and a second wireless device, the method comprising:
- detecting the first wireless device, the first wireless device configured for communicating over a plurality of radio channels and configured for a channel hopping process;
  
  detecting the second wireless device, the second wireless device being configured for communicating over the plurality of radio channels;
  
  detecting a layer 2 wireless link between the first wireless device and the second wireless device formed through a first radio channel from the plurality of radio channels;
  
  detecting a layer 3 transfer of data over the layer 2 wireless link between the first and the second wireless devices formed through the first radio channel; and
  
  disrupting the layer 3 transfer of data while maintaining the layer 2 wireless link between the first and the second wireless devices formed through the first radio channel by transferring one or more wireless signals from a third wireless device to at least the first wireless device or at least the second wireless device, the maintaining the layer 2 wireless link formed through the first radio channel being for preventing the first wireless device from detecting disconnection in the layer 2 wireless link formed through the first radio channel when the layer 3 transfer of data is disrupted;
  
  wherein the channel hopping process being for initiating another layer 2 wireless link between the first wireless device and the second wireless device through a second radio channel from the plurality of radio channels to cause at least a portion of the layer 3 transfer of data to occur over the another layer 2 wireless link through the second radio channel when the first wireless device detects disconnection in the layer 2 wireless link between the first wireless device and the second wireless device formed through the first radio channel, the first radio channel being different from the second radio channel.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
- - 6. The method of claim 5 wherein the one or more wireless signals are transferred through the first radio channel.
  - 7. The method of claim 5 wherein the layer 2 wireless link between the first wireless device and the second wireless device formed though the first radio channel is in accordance with an IEEE 802.11 protocol.
  - 8. The method of claim 5 wherein the layer 2 wireless link between the first wireless device and the second wireless device formed through the first radio channel is an ad hoc wireless link in accordance with an IEEE 802.11 MAC protocol.
  - 9. The method of claim 5 wherein the layer 2 wireless link between the first wireless device and the second wireless device formed through the first radio channel is an infrastructure mode wireless link in accordance with an IEEE 802.11 MAC protocol.
  - 10. The method of claim 5 wherein the one or more wireless signals comprises one or more address resolution protocol (ARP) messages.
  - 11. The method of claim 10 wherein the one or more wireless signals initiate an ARP poisoning process, the ARP poisoning process initiating a data rerouting process, the data rerouting process causing disruption to the layer 3 transfer of data.
  - 12. The method of claim 5 wherein at least the first radio channel or at least the second radio channel is provided in accordance with IEEE 802.11g or IEEE 802.11a protocol.

13. A method for disrupting data transfer that occurs over wireless communications between wireless client and wireless access point, the method comprising:
- detecting a layer 3 transfer of data over a layer 2 wireless link between a wireless client device and a first wireless access point, the wireless client device configured for an access point hopping process, the access point hopping process being for establishing a layer 2 wireless link between the wireless client device and a second wireless access point which is different from the first wireless access point to cause at least a portion of the layer 3 transfer of data to occur over the layer 2 wireless link between the wireless client device and the second wireless access point when the wireless client device detects a disconnection in the layer 2 wireless link between the wireless client device and the first wireless access point; and
  
  disrupting the layer 3 transfer of data while maintaining the layer 2 wireless link between the wireless client device and the first wireless access point by transferring one or more wireless signals from a wireless sniffer device to the wireless client device, the maintaining the layer 2 wireless link being for preventing the wireless client device from detecting the disconnection in the layer 2 wireless link between the wireless client device and the first wireless access point when the layer 3 transfer of data is disrupted.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 14. The method of claim 13 wherein the layer 2 wireless link between the wireless client device and the first wireless access point is in accordance with an IEEE 802.11 protocol.
  - 15. The method of claim 13 wherein the layer 2 wireless link between the wireless client device and the second wireless access point is in accordance with an IEEE 802.11 protocol.
  - 16. The method of claim 13 wherein the one or more wireless signals comprises one or more address resolution protocol (ARP) messages.
  - 17. The method of claim 13 wherein the one or more wireless signals comprises one or more transmission control protocol (TCP) reset messages.
  - 18. The method of claim 13 wherein the one or more wireless signals comprises at least one of random or erroneous data.
  - 19. The method of claim 13 wherein the first wireless access point is identified via a first IEEE 802.11 MAC address and the second wireless access points is identified via a second IEEE 802.11 MAC address, the first address being different from the second address.
  - 20. The method of claim 13 wherein the layer 2 wireless link between the wireless client device and the first wireless access point is in a connected state at each of the wireless client device and the first wireless access point prior to disrupting the layer 3 transfer of data.
  - 21. The method of claim 20 wherein the maintaining the layer 2 wireless link comprises maintaining the layer 2 wireless link between the wireless client device and the first wireless access point in the connected state at each of the wireless client device and the first wireless access point.
  - 22. The method of claim 21 wherein the connected state at the wireless client device is a state of being associated to the first wireless access point in accordance with an IEEE 802.11 MAC protocol.
  - 23. The method of claim 13 wherein the one or more wireless signals do not disconnect the layer 2 wireless link between the wireless client device and the first wireless access point.
  - 24. The method of claim 13 wherein the one or more wireless signals disrupt the layer 3 transfer of data.
  - 25. The method of claim 24 wherein the one or more wireless signals initiate a data rerouting process, the data rerouting process causing disruption to the layer 3 transfer of data.
  - 26. The method of claim 25 wherein the one or more wireless signals perform an ARP poisoning process to initiate the data rerouting process.
  - 27. The method of claim 13 wherein the one or more wireless signals cause a TCP connection associated with the layer 3 transfer of data to close to cause disruption to the layer 3 transfer of data.
  - 28. The method of claim 13 wherein the layer 3 transfer of data over the layer 2 wireless link between the wireless client device and the first wireless access point comprises a transfer of a plurality of Internet Protocol (IP) packets.
  - 29. The method of claim 28 wherein detecting the layer 3 transfer of data over the layer 2 wireless link between the wireless client device and the first wireless access point comprises detecting at least one packet from the plurality of IP packets being transferred over the layer 2 wireless link between the wireless client device and the first wireless access point.
  - 30. The method of claim 29 wherein disrupting the layer 3 transfer of data comprises preventing at least one packet from the plurality of IP packets from being transferred to its intended recipient over the layer 2 wireless link between the wireless client device and the first wireless access point.

31. A method for disrupting data transfer that occurs over wireless communications between wireless client and wireless access point, the method comprising:
- detecting a layer 3 transfer of data over a layer 2 wireless link between a wireless client device and a first wireless access point, the wireless client device configured for an access point hopping process, the access point hopping process being for establishing a layer 2 wireless link between the wireless client device and a second wireless access point which is different from the first wireless access point to cause at least a portion of the layer 3 transfer of data to occur over the layer 2 wireless link between the wireless client device and the second wireless access point when the wireless client device detects a disconnection in the layer 2 wireless link between the wireless client device and the first wireless access point; and
  
  disrupting the layer 3 transfer of data while maintaining the layer 2 wireless link between the wireless client device and the first wireless access point by transferring one or more wireless signals from a wireless sniffer device to the first wireless access point, the maintaining the layer 2 wireless link being for preventing the wireless client device from detecting the disconnection in the layer 2 wireless link between the wireless client device and the first wireless access point when the layer 3 transfer of data is disrupted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arista Networks, Inc.
Original Assignee
Airtight Networks Incorporated (Arista Networks, Inc.)
Inventors
Gopinath, Krishnamurthy Nagabhushan, Rawat, Jai, Chauhan, Pankaj
Primary Examiner(s)
Vu; Huy D.
Assistant Examiner(s)
HAN, CLEMENCE S

Application Number

US11/330,948
Time in Patent Office

769 Days
Field of Search

None
US Class Current

370/352
CPC Class Codes

H04L 12/4641 Virtual LANs, VLANs, e.g. v...

Method and system for disrupting undesirable wireless communication of devices in computer networks

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for disrupting undesirable wireless communication of devices in computer networks

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links