Automated method and system for monitoring local area computer networks for unauthorized wireless access
First Claim
1. A method for monitoring for unauthorized wireless access to a computer network, the method comprising:
- monitoring wireless communications within a selected geographic region, the selected geographic region including a wired portion of the computer network that is to be protected from unauthorized wireless access;
- detecting a wireless access point device that transmits wireless signals within the selected geographic region, the wireless access point device being configured to perform a network address translation (NAT) function between its wired and wireless interfaces;
- transmitting a marker packet to the wireless access point device by a radio interface on a monitoring device disposed within the selected geographic region over a wireless connection between a wireless station other than the monitoring device and the wireless access point device;
- spoofing identity of the wireless station while transmitting the marker packet, the marker packet being adapted to be received by the wireless interface of the wireless access point device and being adapted to be transferred through the wireless access point device to its wired interface and being destined to a selected device coupled to the computer network;
- determining that the marker packet is received at the selected device coupled to the computer network;
- determining that the wireless access point device is connected to the wired portion of the computer network based at least upon the determining that the marker packet is received at the selected device coupled to the computer network; and
- determining that the wireless access point device provides unauthorized wireless access to the wired portion of the computer network based at least upon the determining that the wireless access point device is connected to the wired portion.
Abstract
The wireless activity in a geographic area containing LAN connection ports is monitored using one or more sensor devices, called sniffers. By analyzing said wireless activity, one or more APs that are operating in said geographic area are identified. The active APs so identified are classified into three categories by conducting one or more tests: "authorized" APs (those allowed by the network administrator), "unauthorized" APs (those not allowed by the network administrator but nonetheless connected to the LAN of interest) and "external" APs (those not allowed by the network administrator and not connected to the LAN of interest, for example APs connected to a neighbor's LAN). The sniffers detect any wireless station attempting to connect to or communicating with the one or more identified unauthorized APs. Upon identifying an unauthorized AP and/or an intruding wireless station, an indication is transferred to the prevention process.
17 Claims
1. (Independent claim; its full text is set out under First Claim above. Dependent claims: 2 to 10.)
11. An apparatus for monitoring for unauthorized wireless access to a computer network, the apparatus comprising:
- a first radio interface;
- a processor unit; and
- a computer readable medium storing instructions executable by the processor unit configured to:
  - monitor wireless communications using the first radio interface;
  - detect a wireless access point device within a radio coverage range of the first radio interface, the wireless access point device being configured to perform a network address translation (NAT) function between its wired and wireless interfaces, the radio coverage range of the first radio interface including at least one connection point on a wired portion of the computer network that is to be protected from unauthorized wireless access;
  - transmit a marker packet to the wireless access point device by the first radio interface over a wireless connection between a second radio interface and the wireless access point device, wherein the second radio interface is in a wireless station other than the apparatus;
  - spoof identity of the second radio interface while transmitting the marker packet, the marker packet being adapted to be received by the wireless interface of the wireless access point device and being adapted to be transferred through the wireless access point device to its wired interface and being destined to a selected device coupled to the computer network;
  - determine that the marker packet is received at the selected device coupled to the computer network;
  - determine that the wireless access point device is connected to the wired portion of the computer network based at least upon the determining that the marker packet is received at the selected device coupled to the computer network; and
  - determine that the wireless access point device provides unauthorized wireless access to the wired portion of the computer network based at least upon the determining that the wireless access point device is connected to the wired portion.
Dependent claims: 12 to 17.
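The marker-packet test that the abstract and claims 1 and 11 describe, modelled end to end as an added Python example (this is not the patent's code, nor any vendor's implementation). It simulates a NAT-capable access point, the "selected device" on the wired LAN that watches for markers, and the sniffer's classification of each detected AP as authorized, unauthorized or external. All class and function names (`MarkerPacket`, `WiredListener`, `NatAccessPoint`, `marker_test`, `classify_ap`, `survey`, `build_scenario`), the addresses and the BSSIDs are constructed for the example. Two points the claims imply but do not spell out are made explicit: because the AP performs NAT, the packet that reaches the wired side carries the AP's wired address as its source, so the listener has to correlate on a random token in the payload rather than on the source address; and the test presupposes an existing station association to send through, so an AP with no associated station gets a fourth verdict, "undetermined", which goes beyond the three categories the abstract names. Radio frame injection is not modelled; the station identity used for the test is simply a parameter.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple
import secrets

STATION_IP = "10.0.0.50"   # constructed: wireless-side address of the associated station


@dataclass
class MarkerPacket:
    token: str    # random nonce; the only field guaranteed to survive NAT unchanged
    src_ip: str
    dst_ip: str


@dataclass
class WiredListener:
    """The 'selected device' on a wired LAN. Records every marker it receives,
    keyed by token, together with the wired-side source address it observed."""
    ip: str
    seen: Dict[str, str] = field(default_factory=dict)

    def receive(self, pkt: MarkerPacket) -> None:
        self.seen[pkt.token] = pkt.src_ip


@dataclass
class NatAccessPoint:
    """Simulated AP doing NAT between its wireless and wired interfaces."""
    bssid: str
    wired_ip: str
    wired_lan: Optional[WiredListener]        # listener reachable on its wired side, if any
    associated: Set[str] = field(default_factory=set)   # MACs of currently associated stations

    def forward_from_wireless(self, station_mac: str, pkt: MarkerPacket) -> bool:
        # Frames from a MAC that is not associated are dropped by the AP.
        if station_mac not in self.associated:
            return False
        # The destination must be reachable on the AP's wired side.
        if self.wired_lan is None or self.wired_lan.ip != pkt.dst_ip:
            return False
        # NAT rewrites the source to the AP's own wired address; the station's
        # address is lost, so correlation on the wired side must use the token.
        self.wired_lan.receive(MarkerPacket(pkt.token, self.wired_ip, pkt.dst_ip))
        return True


def marker_test(ap: NatAccessPoint, station_mac: str, listener: WiredListener) -> Optional[str]:
    """Send one marker through `ap` on behalf of an associated station and return
    the token if the protected listener received it, otherwise None."""
    token = secrets.token_hex(8)
    ap.forward_from_wireless(station_mac, MarkerPacket(token, STATION_IP, listener.ip))
    return token if token in listener.seen else None


def classify_ap(ap: NatAccessPoint, authorized: Set[str], listener: WiredListener) -> str:
    """Authorized by allow-list; otherwise unauthorized if a marker reaches the
    protected LAN through the AP, external if it does not."""
    if ap.bssid in authorized:
        return "authorized"
    if not ap.associated:
        return "undetermined"   # the test needs an existing station association
    station_mac = next(iter(sorted(ap.associated)))
    connected = marker_test(ap, station_mac, listener) is not None
    return "unauthorized" if connected else "external"


def survey(aps: List[NatAccessPoint], authorized: Set[str], listener: WiredListener) -> Dict[str, str]:
    return {ap.bssid: classify_ap(ap, authorized, listener) for ap in aps}


def build_scenario() -> Tuple[WiredListener, List[NatAccessPoint], Set[str]]:
    """Constructed sample environment: the protected LAN, a neighbour's LAN, four APs."""
    lan = WiredListener("10.1.1.10")
    neighbour = WiredListener("192.168.7.10")
    aps = [
        NatAccessPoint("02:00:00:00:00:01", "10.1.1.20", lan, {"02:11:11:11:11:01"}),       # on allow-list
        NatAccessPoint("02:00:00:00:00:02", "10.1.1.21", lan, {"02:11:11:11:11:02"}),       # rogue on our LAN
        NatAccessPoint("02:00:00:00:00:03", "192.168.7.20", neighbour, {"02:11:11:11:11:03"}),  # neighbour's AP
        NatAccessPoint("02:00:00:00:00:04", "10.1.1.22", lan, set()),                       # no station to test via
    ]
    return lan, aps, {"02:00:00:00:00:01"}


if __name__ == "__main__":
    lan, aps, authorized = build_scenario()
    for bssid, verdict in survey(aps, authorized, lan).items():
        print(bssid, verdict)
```

After the survey, `lan.seen` holds exactly one token, and the source address stored with it is the rogue AP's wired address (10.1.1.21), not the station's: a wired-side monitor that keyed on source IP would never match the marker it was waiting for, which is why a per-test random token is the right correlation key. The "undetermined" AP is the operational gap the claims leave open; in practice the sniffer would have to wait for a station to associate before it could complete the test.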