Rogue wireless access point detection

US 9,198,118 B2
Filed: 12/07/2012
Issued: 11/24/2015
Est. Priority Date: 12/07/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a detection system, a first set of wireless media access control addresses for wireless access points of a network from an authorized network device of the network;

receiving, at the detection system, a second set of wired media access control addresses for wired connections to the network; and

determining, with the detection system, whether a wireless access point is a potential rogue wireless device, wherein the wireless access point has a first wireless media access control address of the first set of wireless media access control addresses, and wherein determining whether the wireless access point is the potential rogue wireless device includes;

determining whether a difference between a numeric value of the first wireless media access control address and a numeric value of a second wired media access control address of the second set of wired media access control addresses satisfies a threshold amount; and

determining whether a first location associated with the first wireless media access control address corresponds to a second location associated with the second wired media access control address, wherein the wireless access point is determined to be the potential rogue wireless device when the difference satisfies the threshold amount and the first location corresponds to the second location, and wherein the potential rogue wireless device is associated with the first wireless media access control address and the second wired media access control address.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes, receiving a first set of media access control (MAC) addresses from one or more wireless communication detection devices of a network. The method also includes receiving a second set of MAC addresses from one or more wired devices of the network. The second set of MAC addresses corresponds to devices with wired connections to the network. The method further includes, determining that a wireless device having a first MAC address of the first set of media access control addresses is a potential rogue wireless device when a numeric value of the first MAC address and a numeric value of a second MAC address of the second set of MAC addresses differ by no more than a threshold amount and when a first location associated with a device that detects the first MAC address matches a second location associated with the second MAC address.

61 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving, at a detection system, a first set of wireless media access control addresses for wireless access points of a network from an authorized network device of the network;
  
  receiving, at the detection system, a second set of wired media access control addresses for wired connections to the network; and
  
  determining, with the detection system, whether a wireless access point is a potential rogue wireless device, wherein the wireless access point has a first wireless media access control address of the first set of wireless media access control addresses, and wherein determining whether the wireless access point is the potential rogue wireless device includes;
  
  determining whether a difference between a numeric value of the first wireless media access control address and a numeric value of a second wired media access control address of the second set of wired media access control addresses satisfies a threshold amount; and
  
  determining whether a first location associated with the first wireless media access control address corresponds to a second location associated with the second wired media access control address, wherein the wireless access point is determined to be the potential rogue wireless device when the difference satisfies the threshold amount and the first location corresponds to the second location, and wherein the potential rogue wireless device is associated with the first wireless media access control address and the second wired media access control address.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising, before determining whether the wireless access point is the potential rogue wireless device, filtering the second set of wired media access control addresses to form a filtered second set of wired media access control addresses, wherein the filtered second set of wired media access control addresses excludes information associated with authorized devices, and wherein the second media access control address is included in the filtered second set of wired media access control addresses.
  - 3. The method of claim 1, further comprising initiating an action responsive to determining that the wireless access point is the potential rogue wireless device.
  - 4. The method of claim 3, wherein the action includes dispatching a technician to investigate the wireless access point.
  - 5. The method of claim 3, wherein the action includes sending a message to a user of the wireless access point via a wired connection.
  - 6. The method of claim 3, wherein the action includes causing a wired routing device of the network to perform media access control address blocking associated with the second media access control address.
  - 7. The method of claim 1, further comprising:
    - in response to a determination that the wireless access point is the potential rogue wireless device, sending a message to a wired device associated with the second wired media access control address via a wired connection; and
      
      identifying the wireless access point as an active rogue wireless device in response to the message received from the wired device.
  - 8. The method of claim 7, wherein the message includes a ping message, a connection request, or both.
  - 9. The method of claim 1, wherein the wireless access point is the potential rogue wireless device when the difference satisfies the threshold amount and the first location corresponds to the second location, and wherein the potential rogue wireless device is associated with the first wireless media access control address and the second wired media access control address.
  - 10. The method of claim 1, wherein the difference satisfies the threshold amount when the difference is no more than the threshold amount.
  - 11. The method of claim 1, wherein the authorized network device includes a second wireless access point, a passive wireless communication monitoring device, or both.
  - 12. The method of claim 1, wherein the network comprises a geographically distributed, access controlled network including an authorized wireless access point and including a wired connection that is subject to different access controls than the authorized wireless access point.

13. A system comprisinga processor;
- anda memory accessible to the processor, the memory storing instructions that, when executed by the processor, cause the processor to perform operations comprising;
  
  receiving a first set of wireless media access control addresses for wireless access points of a network;
  
  receiving a second set of wired media access control addresses for devices with wired connections to the network; and
  
  determining whether a wireless access point is a potential rogue wireless device, wherein the wireless access point has a first wireless media access control address of the first set of wireless media access control addresses, and wherein determining whether the wireless access point is the potential rogue wireless device includes;
  
  determining whether a difference between a numeric value of the first wireless media access control address and a numeric value of a second wired media access control address of the second set of wired media access control addresses satisfies a threshold amount; and
  
  determining whether a first location associated with the first wireless media access control address corresponds to a second location associated with the second wired media access control address, wherein the wireless access point is determined to be the potential rogue wireless device when the difference satisfies the threshold amount and the first location corresponds to the second location, and wherein the potential rogue wireless device is associated with the first wireless media access control address and the second wired media access control address.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The system of claim 13, wherein the operations further comprise, before determining that the wireless access point is the potential rogue wireless device, adding the second wired media access control address to a filtered second set of wired media access control addresses that excludes information associated with authorized devices.
  - 15. The system of claim 14, wherein the operations further comprise initiating an action responsive to determining that the wireless access point is the potential rogue wireless device, wherein the action includes causing a wired routing device of the network to perform media access control address blocking associated with the second media access control address.
  - 16. The system of claim 14, wherein the operations further comprise receiving the information associated with the authorized devices from an authorized device database.
  - 17. The system of claim 13, wherein the operations further comprise, after determining that the wireless access point is the potential rogue wireless device, sending a message to a wired device associated with the second media access control address via a wired connection, wherein the wireless access point is determined to be an active rogue wireless device when a response to the message is received from the wired device.
  - 18. The system of claim 17, wherein the wired device is a router, a switch, or both.
  - 19. The system of claim 13, further comprising a network interface, wherein the operations further comprise determining the first location based on the network interface being in operable range of the wireless access point.

20. A computer readable storage device storing instructions that, when executed by a processor, cause the processor to perform operations comprising:
- receiving a first set of wireless media access control addresses for wireless access points of a network;
  
  receiving a second set of wired media access control addresses for wired connections to the network; and
  
  determining whether a wireless access point is a potential rogue wireless device, wherein the wireless access point has a first wireless media access control address of the first set of wireless media access control addresses, and wherein determining whether the wireless access point is the potential rogue wireless device includes;
  
  determining whether a difference between a numeric value of the first wireless media access control address and a numeric value of a second wired media access control address of the second set of wired media access control addresses satisfies a threshold amount; and
  
  determining whether a first location associated with the first wireless media access control address corresponds to a second location associated with the second wired media access control address, the wireless access point is determined to be the potential rogue wireless device when the difference satisfies the threshold amount and the first location corresponds to the second location, and wherein the potential rogue wireless device is associated with the first wireless media access control address and the second wired media access control address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Larue, Troy, Banning, Joseph, Sorrell, Ed
Primary Examiner(s)
Jaroenchonwanit, Bunjob

Application Number

US13/708,175
Publication Number

US 20140161027A1
Time in Patent Office

1,082 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 63/10   for controlling access to d...

H04L 63/107   wherein the security polici...

H04W 12/122   Counter-measures against at...

H04W 48/16   Discovering, processing acc...

Rogue wireless access point detection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

61 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Rogue wireless access point detection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links