Discovery of rogue access point location in wireless network environments

US 7,336,670 B1
Filed: 10/24/2003
Issued: 02/26/2008
Est. Priority Date: 06/30/2003
Status: Active Grant

First Claim

Patent Images

1. In a wireless network environment comprising at least one authorized access point connected to a wired computer network, a method for detecting whether a rogue access point is connected to the wired computer network, comprisingdetecting a rogue access point,identifying at least one authorized access point that neighbors the rogue access point;

selecting an authorized access point from the at least one authorized access point in the identifying step;

establishing a wireless connection between the selected authorized access point and the rogue access point;

wirelessly transmitting a rogue location discovery packet from the selected authorized access point to the rogue access point, wherein the rogue location discovery packet is addressed to a network device connected to the computer network;

monitoring for receipt of the rogue location discovery packet at the network device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatuses and systems facilitating location or containment of rogue or unauthorized access points on wireless computer network environments. Embodiments of the present invention support one to a plurality of rogue containment methodologies. A first rogue containment type involves identification of the physical connection of the rogue access point to the wired network infrastructure and, thus, allows for disabling of that physical connection to contain the rogue access point. Other rogue containment methods involve wireless techniques for containing the effect of rogue access points. In some embodiments, the present invention provides methods, apparatuses and systems facilitating network location of rogue access points to determine whether one or more rogue containment methodologies should be applied. As discussed below, the rogue location and containment functionality described herein can be applied to a wide variety of wireless network system architectures.

Citations

29 Claims

1. In a wireless network environment comprising at least one authorized access point connected to a wired computer network, a method for detecting whether a rogue access point is connected to the wired computer network, comprisingdetecting a rogue access point,identifying at least one authorized access point that neighbors the rogue access point;
- selecting an authorized access point from the at least one authorized access point in the identifying step;
  
  establishing a wireless connection between the selected authorized access point and the rogue access point;
  
  wirelessly transmitting a rogue location discovery packet from the selected authorized access point to the rogue access point, wherein the rogue location discovery packet is addressed to a network device connected to the computer network;
  
  monitoring for receipt of the rogue location discovery packet at the network device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein the network device is the authorized access point.
  - 3. The method of claim 1 wherein the network device is a central control element.
  - 4. The method of claim 1 further comprisingapplying at least one rogue containment method, if the rogue location discovery packet is received at the network device.
  - 5. The method of claim 1 further comprisingreporting the detected rogue access point, if the rogue location discovery packet is not received at the network device within a threshold period of time.
  - 6. The method of claim 1, wherein the wired computer network is implemented by at least one network device operative to switch or route data units between devices connected thereto, the data units including a source address and a destination address, wherein the at least one network device comprises at least two ports to which other devices connect, and wherein the at least one network device is operative to store the source addresses of the data units encountered at the ports of the at least one network device, and wherein the method comprisesif the rogue location discovery packet is not received at the network device within a threshold period of time, thendetermining the address of at least one rogue client associated with the rogue access point;
    - andidentifying the port to which the rogue access point is connected by querying, using the addresses of the at least one rogue client in the determining step, the at least one network device for the port at which data units sourced from the at least one rogue client were encountered.
  - 7. The method of claim 6 further comprisingdisabling the identified port.
  - 8. The method of claim 6 further comprisinglocating the edge port, if more than one network device responds in the querying step.
  - 9. The method of claim 6 wherein the at least one network device is an Ethernet switch.

10. In a wireless network environment comprising at least one authorized access point connected to a wired computer network, the wired computer network including dynamic network address assignment functionality, a method for detecting whether a rogue access point is connected to the wired computer network, comprisingdetecting a rogue access point,identifying at least one authorized access point that neighbors the rogue access point;
- selecting an authorized access point from the at least one authorized access point in the identifying step;
  
  establishing a wireless connection between the selected authorized access point and the rogue access point;
  
  obtaining a dynamic computer network address for the selected authorized access point;
  
  wirelessly transmitting a rogue location discovery packet from the selected authorized access point to the rogue access point, wherein the rogue location discovery packet is logically addressed to a network device connected to the computer network;
  
  monitoring for receipt of the rogue location discovery packet at the network device.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10 wherein the network device is the authorized access point.
  - 12. The method of claim 10 wherein the network device is a central control element.
  - 13. The method of claim 10 further comprisingapplying at least one rogue containment method, if the rogue location discovery packet is received at the network device.
  - 14. The method of claim 10 further comprisingreporting the detected rogue access point, if the rogue location discovery packet is not received at the network device within a threshold period of time.
  - 15. The method of claim 10 wherein the rogue location discovery packet includes a digital signature.
  - 16. The method of claim 10 further comprising comparing the obtained dynamic network address to the network address of the network device to determine whether the network device and the rogue access point are connected to the same subnet.
  - 17. The method of claim 16 further comprisingtransmitting an Address Resolution Protocol request to resolve the link layer address of a gateway node, if the network device and the rogue access point are on different subnets;
    - andsetting the link layer destination address of the rogue location discovery packet to the link layer address in the response to the Address Resolution Protocol request.

18. In a wireless network environment comprising at least one authorized access point connected to a wired computer network, the wired computer network including dynamic network address assignment functionality, a method for detecting whether a rogue access point is connected to the wired computer network, comprisingdetecting a rogue access point,observing at least one data frame including a logical network address of a wireless client associated with the rogue access point;
- selecting a logical network address identified in the observing step;
  
  identifying at least one authorized access point that neighbors the rogue access point;
  
  selecting an authorized access point from the at least one authorized access point in the identifying step;
  
  establishing a wireless connection between the selected authorized access point and the rogue access point;
  
  wirelessly transmitting a rogue location discovery packet from the selected authorized access point to the rogue access point, wherein the rogue location discovery packet is logically addressed to a network device connected to the computer network; and
  
  wherein the source address of the rogue location discovery packet is set to the logical network address of the selected wireless client; and
  
  monitoring for receipt of the rogue location discovery packet at the network device.

19. In a computer network environment comprising a wired computer network implemented by at least one network device operative to switch or route data units between devices connected thereto, the data units including a source address and a destination address, wherein the at least one network device comprises at least two ports to which other devices connect, and wherein the at least one network device is operative to store the source addresses of the data units encountered at the ports of the at least one network device, a method for network location of a rogue access point, comprisingdetecting a rogue access point,determining the address of at least one rogue client associated with the rogue access point;
- andquerying, using the addresses of the at least one rogue client in the determining step, the at least one network device for the port at which data units sourced from the at least one rogue client were encountered.
- View Dependent Claims (20, 21, 22)
- - 20. The method of claim 19 further comprisingif the at least one network device responds with an identified port, disabling the identified port.
  - 21. The method of claim 19 further comprisinglocating an edge port, if more than one network device responds in the querying step.
  - 22. The method of claim 19 wherein the at least one network device is an Ethernet switch.

23. A wireless network system facilitating network location of rogue systems, comprisinga plurality of access elements for wireless communication with at least one remote client element and for communication with a central control element;
- a central control element for supervising at least one of said access elements, wherein the central control element is operative to manage and control the wireless connections between the access elements and corresponding remote client elements;
  
  the central control element including the at least one network interface operatively connected to a wired computer network; and
  
  wherein the access elements are each operative to;
  
  establish and maintain, in an access point mode, wireless connections with remote client elements; and
  
  wherein the access elements, under control of the central control element are further operative to;
  
  establish a wireless connection to a detected rogue access point;
  
  transmit a rogue location discovery packet to the detected rogue access point, wherein the destination address of the rogue location discovery packet is set to the central control element;
  
  and wherein the central control element is operative to;
  
  monitor for receipt of rogue location discovery packets on the network interface.
- View Dependent Claims (24, 25, 26, 27, 28, 29)
- - 24. The system of claim 23 wherein the rogue location discovery packet is sourced from the central control element to the access element.
  - 25. The system of claim 23 wherein the access element, under control of the central control element, is further operative to obtain a dynamic logical network address.
  - 26. The system of claim 23 wherein the central control element is further operative to apply at least one rogue containment method, if the rogue location discovery packet is received at the network device.
  - 27. The system of claim 23 wherein the central control element is further operative to report the detected rogue access point, if the rogue location discovery packet is not received at the network device within a threshold period of time.
  - 28. The system of claim 23 wherein the access elements are further operative toswitch to a scanning mode for a scanning period at a scanning interval to detect wireless traffic,record scan data characterizing the detected wireless traffic, andtransmit the scan data to the central control element;
    - andwherein the central control element is operative toprocess the scan data against information relating to known access elements to identify rogue access points,to contain the detected rogue access point(s).
  - 29. The system of claim 23 wherein the central control element is operative toestablish a tunnel with access elements for transmission of wireless traffic associated with corresponding remote client elements, andbridge network traffic between the computer network and a remote client element through a tunnel with a corresponding access element.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Airespace, Inc. (Cisco Systems, Inc.)
Inventors
Jain, Sudhir Kumar, Galloway, Brett, Calhoun, Patrice R., Friday, Robert J., O'Hara, Robert B. Jr., Dietrich, Paul F., Frascone, David Anthony
Primary Examiner(s)
HO, DUC CHI

Application Number

US10/692,699
Time in Patent Office

1,586 Days
Field of Search

None
US Class Current

370/401
CPC Class Codes

H04L 63/10   for controlling access to d...

H04L 63/14   for detecting or protecting...

H04L 63/1416   Event detection, e.g. attac...

H04W 12/122   Counter-measures against at...

Discovery of rogue access point location in wireless network environments

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Discovery of rogue access point location in wireless network environments

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links