Discovery of rogue access point location in wireless network environments

US 8,089,974 B2
Filed: 12/27/2007
Issued: 01/03/2012
Est. Priority Date: 06/30/2003
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprisinga network interface, anda rogue containment module coupled to the network interface, wherein the rogue containment device is operative to:

detect a rogue access point,identify at least one authorized access point that neighbors the rogue access point;

select an authorized access point from the at least one authorized access point in the identifying step;

instruct the selected authorized access point to establish a wireless connection between the selected authorized access point and the rogue access point;

cause the selected authorized access point to wirelessly transmit a rogue location discovery packet from the selected authorized access point to the rogue access point, wherein the rogue location discovery packet is addressed to a network device; and

monitor for receipt of the rogue location discovery packet at the network device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatuses and systems facilitating location or containment of rogue or unauthorized access points on wireless computer network environments. Embodiments of the present invention support one to a plurality of rogue containment methodologies. A first rogue containment type involves identification of the physical connection of the rogue access point to the wired network infrastructure and, thus, allows for disabling of that physical connection to contain the rogue access point. Other rogue containment methods involve wireless techniques for containing the effect of rogue access points. In some embodiments, the present invention provides methods, apparatuses and systems facilitating network location of rogue access points to determine whether one or more rogue containment methodologies should be applied. As discussed below, the rogue location and containment functionality described herein can be applied to a wide variety of wireless network system architectures.

Citations

25 Claims

1. An apparatus comprisinga network interface, anda rogue containment module coupled to the network interface, wherein the rogue containment device is operative to:
- detect a rogue access point,identify at least one authorized access point that neighbors the rogue access point;
  
  select an authorized access point from the at least one authorized access point in the identifying step;
  
  instruct the selected authorized access point to establish a wireless connection between the selected authorized access point and the rogue access point;
  
  cause the selected authorized access point to wirelessly transmit a rogue location discovery packet from the selected authorized access point to the rogue access point, wherein the rogue location discovery packet is addressed to a network device; and
  
  monitor for receipt of the rogue location discovery packet at the network device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The apparatus of claim 1 wherein the network device is the authorized access point.
  - 3. The apparatus of claim 1 wherein the network device is a central control element.
  - 4. The apparatus of claim 1 wherein the rogue containment module is further operative toapply at least one rogue containment method, if the rogue location discovery packet is received at the network device.
  - 5. The apparatus of claim 1 wherein the rogue containment module is further operative toreport the detected rogue access point, if the rogue location discovery packet is not received at the network device within a threshold period of time.
  - 6. The apparatus of claim 1, wherein the network interface is coupled to a wired computer network implemented by at least one network device operative to switch or route data units between devices connected thereto, the data units including a source address and a destination address, wherein the at least one network device comprises at least two ports to which other devices connect, and wherein the at least one network device is operative to store the source addresses of the data units encountered at the ports of the at least one network device, and wherein the rogue containment module is further operative toif the rogue location discovery packet is not received at the network device within a threshold period of time, thendetermine the address of at least one rogue client associated with the rogue access point;
    - andidentify the port to which the rogue access point is connected by querying, using the addresses of the at least one rogue client in the determining step, the at least one network device for the port at which data units sourced from the at least one rogue client were encountered.
  - 7. The apparatus of claim 6 wherein the rogue containment module is further operative todisable the identified port.
  - 8. The apparatus of claim 6 wherein the rogue containment module is further operative tolocate the edge port, if more than one network device responds in the querying step.
  - 9. The apparatus of claim 6 wherein the at least one network device is an Ethernet switch.

10. An apparatus comprisinga network interface, anda rogue containment module coupled to the network interface, wherein the rogue containment device is operative to:
- detect a rogue access point,select an authorized access point that neighbors the rogue access point, wherein the authorized access point is connected to a wired computer network, the wired computer network including dynamic network address assignment functionality;
  
  cause the selected authorized access point to obtain a dynamic computer network address, establish a wireless connection between the selected authorized access point and the rogue access point, and wirelessly transmit a rogue location discovery packet from the selected authorized access point to the rogue access point, wherein the rogue location discovery packet is logically addressed to a network device connected to the wired computer network; and
  
  monitor for receipt of the rogue location discovery packet at the network device.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The apparatus of claim 10 wherein the network device is the authorized access point.
  - 12. The apparatus of claim 10 wherein the network device is a central control element.
  - 13. The apparatus of claim 10 wherein the rogue containment module is further operative toapply at least one rogue containment method, if the rogue location discovery packet is received at the network device.
  - 14. The apparatus of claim 10 wherein the rogue containment module is further operative toreport the detected rogue access point, if the rogue location discovery packet is not received at the network device within a threshold period of time.
  - 15. The apparatus of claim 10 wherein the rogue location discovery packet includes a digital signature.
  - 16. The apparatus of claim 10 wherein the rogue containment module is further operative to compare the obtained dynamic network address to the network address of the network device to determine whether the network device and the rogue access point are connected to the same subnet.
  - 17. The apparatus of claim 16 wherein the rogue containment module is further operative totransmit an Address Resolution Protocol request to resolve the link layer address of a gateway node, if the network device and the rogue access point are on different subnets;
    - andset the link layer destination address of the rogue location discovery packet to the link layer address in the response to the Address Resolution Protocol request.

18. An apparatus comprisinga network interface, anda rogue containment module coupled to the network interface, wherein the rogue containment device is operative to:
- detect a rogue access point,observe at least one data frame including a logical network address of a wireless client associated with the rogue access point;
  
  select an identified logical network address;
  
  select an authorized access point that neighbors the rogue access point;
  
  causing the selected authorized access point to establish a wireless connection between the selected authorized access point and the rogue access point, and wirelessly transmit a rogue location discovery packet from the selected authorized access point to the rogue access point, wherein the rogue location discovery packet is logically addressed to a network device connected to the computer network; and
  
  wherein the source address of the rogue location discovery packet is set to the logical network address of the selected wireless client; and
  
  monitor for receipt of the rogue location discovery packet at the network device.

19. An apparatus comprisinga network interface, anda rogue containment module coupled to the network interface, wherein the rogue containment device is operative to:
- detect a rogue access point,determine the address of at least one rogue client associated with the rogue access point; and
  
  query, using the addresses of the at least one rogue client in the determining step, at least one network device for a port at which data units sourced from the at least one rogue client were encountered, wherein the at least one network device operative to switch or route data units between devices connected thereto, the data units including a source address and a destination address, wherein the at least one network device comprises at least two ports to which other devices connect, and wherein the at least one network device is operative to store the source addresses of the data units encountered at the ports of the at least one network device.
- View Dependent Claims (20, 21, 22)
- - 20. The apparatus of claim 19 wherein the rogue containment module is further operative toif the at least one network device responds with an identified port, disable the identified port.
  - 21. The apparatus of claim 19 wherein the rogue containment module is further operative tolocate an edge port, if more than one network device responds to a query.
  - 22. The apparatus of claim 19 wherein the at least one network device is an Ethernet switch.

23. A method comprising:
- detecting a rogue access point;
  
  transmitting by a central control element of a wireless network, one or more rogue location discovery packets through the rogue access point to an authorized host connected to a first network; and
  
  monitoring the first network for receipt of the one or more rogue location discovery packets to determine whether the rogue access point is connected to the first network.
- View Dependent Claims (24, 25)
- - 24. The method of claim 23 further comprising disabling access to the first network for the detected rogue access point if the rogue access point is determined to be connected to the first network.
  - 25. The method of claim 23, wherein the authorized host is the central control element.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Systems, Inc.
Inventors
Calhoun, Patrice R., Friday, Robert J., O'Hara, Robert B. Jr., Galloway, Brett, Frascone, David Anthony, Dietrich, Paul F., Jain, Sudhir Kumar
Primary Examiner(s)
HO, DUC CHI

Application Number

US11/965,162
Publication Number

US 20080101283A1
Time in Patent Office

1,468 Days
Field of Search

None
US Class Current

370/401
CPC Class Codes

H04L 63/10   for controlling access to d...

H04L 63/14   for detecting or protecting...

H04L 63/1416   Event detection, e.g. attac...

H04W 12/122   Counter-measures against at...

Discovery of rogue access point location in wireless network environments

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Discovery of rogue access point location in wireless network environments

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links