Wireless network system including integrated rogue access point detection

US 7,346,338 B1
Filed: 04/04/2003
Issued: 03/18/2008
Est. Priority Date: 04/04/2003
Status: Active Grant

First Claim

Patent Images

1. A system facilitating automatic detection of rogue access points, comprisinga data collector,at least one access element for wireless communication with at least one remote client element and for communication with the data collector,wherein the at least one access element is operative to:

establish and maintain, in an access point mode, wireless connections with remote client elements;

switch to a scanning mode for a scanning period at a scanning interval to detect wireless traffic,record scan data characterizing the detected wireless traffic, andtransmit the scan data to the data collector;

wherein the data collector is operative toprocess the scan data against an access point table including information relating to authorized access points, and against an ignored access point table storing information relating to unauthorized access points that have been previously detected and placed in the ignored access point table, to identify rogue access elements.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatuses and systems facilitating automated detection of rogue wireless access points in a wireless network environment. The present invention, in one embodiment, integrates automated detection of rogue access points into wireless network systems. As discussed more fully below, the present invention can be applied to a variety of wireless network system architectures.

Citations

19 Claims

1. A system facilitating automatic detection of rogue access points, comprisinga data collector,at least one access element for wireless communication with at least one remote client element and for communication with the data collector,wherein the at least one access element is operative to:
- establish and maintain, in an access point mode, wireless connections with remote client elements;
  
  switch to a scanning mode for a scanning period at a scanning interval to detect wireless traffic,record scan data characterizing the detected wireless traffic, andtransmit the scan data to the data collector;
  
  wherein the data collector is operative toprocess the scan data against an access point table including information relating to authorized access points, and against an ignored access point table storing information relating to unauthorized access points that have been previously detected and placed in the ignored access point table, to identify rogue access elements.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1 wherein the scanning period is a configurable parameter.
  - 3. The system of claim 1 wherein the scanning interval is a configurable parameter.
  - 4. The system of claim 1 wherein the access element is operative to scan for wireless traffic on a plurality of frequency channels.
  - 5. The system of claim 1 wherein the wireless traffic comprises a plurality of packets;
    - and wherein a scanning daemon is operative to parse the information in the packets, and transmit the packet information to the data collector.
  - 6. The system of claim 1 wherein the access elements are operative to bridge wireless traffic between the remote client elements and a computer network.
  - 7. The system of claim 1 further comprising a second data collector associated with a second plurality of access elements, wherein the first and second data collectors are operative to exchange data relating to access elements.
  - 8. The apparatus of claim 1 wherein the scan data comprises at least one scan data entry corresponding to a detected access point.
  - 9. The apparatus of claim 8 wherein the scan data entry comprises a MAC address and a service set identifier.

10. An apparatus facilitating the automatic detection of rogue access points, comprisinga transmit/receive unit for wireless communication with at least one remote client element,a network interface for communication with a data collector over a computer network,wherein the apparatus is operative to:
- establish and maintain, in an access point mode, wireless connections with remote client elements to bridge wireless traffic between the remote client elements and a computer network;
  
  switch from the access point mode to a scanning mode for a scanning period at a scanning interval to detect wireless traffic on at least one frequency channel,announce a contention-free period prior to switching from the access point mode to the scanning mode;
  
  record scan data characterizing the detected wireless traffic, andtransmit the scan data to a data collector.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The apparatus of claim 10 wherein the scanning period is a configurable parameter.
  - 12. The apparatus of claim 10 wherein the scanning interval is a configurable parameter.
  - 13. The apparatus of claim 10 wherein the apparatus is operative to scan for wireless traffic on a plurality of frequency channels.
  - 14. The apparatus of claim 10 wherein the wireless traffic comprises a plurality of packets;
    - and wherein the apparatus is operative to parse the information in the packets, and transmit the packet information to the data collector.
  - 15. The apparatus of claim 10 wherein the apparatus is operative to bridge wireless traffic between the remote client elements and the computer network.
  - 16. The apparatus of claim 10 further comprising a scanning daemon operative to switch the apparatus from the access point mode to the scanning mode.
  - 17. The apparatus of claim 10 wherein the scan data comprises at least one scan data entry corresponding to a detected access point.
  - 18. The apparatus of claim 17 wherein the scan data entry comprises a MAC address and a service set identifier.

19. A system facilitating automatic detection of rogue access points, comprisinga plurality of access elements for wireless communication with at least one remote client element and for communication with a central control element;
- a central control element for supervising said access elements, wherein the central control element is operative to manage wireless connections between the access elements and corresponding remote client elements,wherein the access elements are each operative toestablish and maintain, in an access point mode, wireless connections with remote client elements;
  
  switch to a scanning mode for a scanning period at a scanning interval to detect wireless traffic,record scan data characterizing the detected wireless traffic, andtransmit the scan data to the central control element;
  
  wherein the central control element is operative to process the scan data against information relating to known access elements to identify rogue access points;
  
  a second plurality of access elements for wireless communication with at least one remote client element and for communication with a central control element; and
  
  a second central control element for supervising said second plurality of access elements, wherein the second central control element is operative to manage wireless connections between the access elements and corresponding remote client elements,wherein the second access elements are each operative toestablish and maintain, in an access point mode, wireless connections with remote client elements;
  
  switch to a scanning mode for a scanning period at a scanning interval to detect wireless traffic,record scan data characterizing the detected wireless traffic, andtransmit the scan data to the second central control element;
  
  wherein the second central control element is operative to process the scan data against information relating to known access elements to identify rogue access elements; and
  
  wherein the first and second central control elements are operative to exchange information relating to known access elements.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Airespace, Inc. (Cisco Systems, Inc.)
Inventors
Freecone, David Anthony, Calhoun, Patrice R., O'Hara, Robert B. Jr.
Primary Examiner(s)
SMITH, CREIGHTON H

Application Number

US10/407,370
Time in Patent Office

1,810 Days
Field of Search

455/410, 455/423, 455/456.1
US Class Current

455/411
CPC Class Codes

H04L 63/1408   by monitoring network traff...

H04W 12/122   Counter-measures against at...

H04W 24/02   Arrangements for optimising...

H04W 84/12   WLAN [Wireless Local Area N...

Wireless network system including integrated rogue access point detection

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Wireless network system including integrated rogue access point detection

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links