Containment of rogue systems in wireless network environments
Abstract
Methods, apparatuses and systems facilitating containment of the effects of rogue or unauthorized access points on wireless computer network environments. Embodiments of the present invention support one to a plurality of rogue containment methodologies. A first rogue containment type involves identification of the physical connection of the rogue access point to the wired network infrastructure and, thus, allows for disabling of that physical connection to contain the rogue access point. Other rogue containment methods involve wireless techniques for containing the effect of rogue access points. As discussed below, the rogue containment functionality described herein can be applied to a wide variety of wireless network system architectures.
15 Claims
1. In a wireless network environment comprising at least one authorized access point, a method for containing rogue access points, the rogue access points including a virtual carrier-sense mechanism operative to adjust a counter in response to wireless frames transmitted from wireless stations, wherein the data frames include a duration value, the counter controlling the transmission of frames by the rogue access point, comprising
- detecting a rogue access point,
- identifying at least one authorized access point that neighbors the rogue access point;
- selecting at least one authorized access point in the identifying step;
- configuring the at least one selected access point to periodically transmit wireless frames, the data frames including a predetermined duration value, and wherein the interval at which the data frames are periodically transmitted is less than the duration value.
Dependent claims: 2, 3, 4
5. In a wireless network environment implementing a protocol according to which wireless stations terminate connections with access points upon receipt of de-authentication and/or disassociation frames, a method for containing rogue access points, comprising
- detecting a rogue access point, the rogue access point identified by a wireless network address;
- selecting at least one authorized access point;
- emulating the rogue access point and periodically broadcasting, at repetition interval, beacon frames, wherein the beacon frames announce a contention-free period, and wherein the contention-free period is greater than the repetition interval.
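The timing condition in claims 1 and 5 (frames repeated at an interval shorter than the duration value or contention-free period they announce) can be checked against a capture. The following is an added example, not part of the patent text: it replays (timestamp, duration) pairs through a virtual carrier-sense counter and reports how much of the window the counter sits at zero. The function names, microsecond units, threshold and sample frames are constructed assumptions.

```python
from typing import Iterable, List, Tuple

# Frame = (rx_time_us, reserved_us): capture timestamp and the duration value
# (or announced contention-free period) that receivers load into their counter.
Frame = Tuple[int, int]

def nav_idle_windows(frames: Iterable[Frame], end_us: int) -> List[Tuple[int, int]]:
    """Return the [start, end) windows in which the counter is zero,
    i.e. when a station honouring the reservations may transmit."""
    idle, nav_until = [], 0
    for t, reserved in sorted(frames):
        if t >= end_us:
            break
        if t > nav_until:                  # counter ran out before this frame
            idle.append((nav_until, t))
        # The counter is only ever extended, never shortened by a smaller value.
        nav_until = max(nav_until, t + reserved)
    if nav_until < end_us:
        idle.append((nav_until, end_us))
    return idle

def idle_fraction(frames: Iterable[Frame], end_us: int) -> float:
    return sum(e - s for s, e in nav_idle_windows(frames, end_us)) / end_us

def sustained_reservation(frames: Iterable[Frame], end_us: int,
                          min_idle: float = 0.05) -> bool:
    """Monitoring check: True when the observed frames leave the medium
    available for less than min_idle of the window (assumed threshold)."""
    return idle_fraction(frames, end_us) < min_idle

WINDOW_US = 200_000
# Constructed sample: frame every 20 ms reserving 30 ms (interval < duration).
CONTAINED = [(t, 30_000) for t in range(0, WINDOW_US, 20_000)]
# Constructed sample: same interval, but each frame reserves only 5 ms.
ORDINARY = [(t, 5_000) for t in range(0, WINDOW_US, 20_000)]

if __name__ == "__main__":
    for name, cap in (("contained", CONTAINED), ("ordinary", ORDINARY)):
        print(name, idle_fraction(cap, WINDOW_US), sustained_reservation(cap, WINDOW_US))
```

With the interval below the reserved duration the counter never reaches zero, so no idle window appears in the replay; the same check run per transmitter address on a monitor capture separates deliberate containment traffic from ordinary frames.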
6. A wireless network system enabling a directed association mechanism, comprising
- a plurality of access elements for wireless communication with at least one remote client element and for communication with a central control element;
- a central control element for supervising at least one of said access elements, wherein the central control element is operative to manage and control the wireless connections between the access elements and corresponding remote client elements; and
- wherein the access elements are each operative to:
  - establish and maintain, in an access point mode, wireless connections with remote client elements;
  - switch to a scanning mode for a scanning period at a scanning interval to detect wireless traffic, record scan data characterizing the detected wireless traffic, and transmit the scan data to the central control element;
- wherein the central control element is operative to process the scan data against information relating to known access elements to identify rogue access points, to contain the detected rogue access point(s); and
- wherein the central control element is operative to establish a tunnel with access elements for transmission of wireless traffic associated with corresponding remote client elements, and bridge network traffic between a computer network and a remote client element through a tunnel with a corresponding access element.
Dependent claims: 7, 8, 9, 10, 11, 12, 13, 14, 15
Specification