Rogue wireless access point detection
First Claim
1. A method comprising:
- receiving, at a detection system, a first set of wireless media access control addresses for wireless access points of a network from an authorized network device of the network;
receiving, at the detection system, a second set of wired media access control addresses for wired connections to the network; and
determining, with the detection system, whether a wireless access point is a potential rogue wireless device, wherein the wireless access point has a first wireless media access control address of the first set of wireless media access control addresses, and wherein determining whether the wireless access point is the potential rogue wireless device includes;
determining whether a difference between a numeric value of the first wireless media access control address and a numeric value of a second wired media access control address of the second set of wired media access control addresses satisfies a threshold amount; and
determining whether a first location associated with the first wireless media access control address corresponds to a second location associated with the second wired media access control address, wherein the wireless access point is determined to be the potential rogue wireless device when the difference satisfies the threshold amount and the first location corresponds to the second location, and wherein the potential rogue wireless device is associated with the first wireless media access control address and the second wired media access control address.
1 Assignment
0 Petitions
Accused Products
Abstract
A method includes, receiving a first set of media access control (MAC) addresses from one or more wireless communication detection devices of a network. The method also includes receiving a second set of MAC addresses from one or more wired devices of the network. The second set of MAC addresses corresponds to devices with wired connections to the network. The method further includes, determining that a wireless device having a first MAC address of the first set of media access control addresses is a potential rogue wireless device when a numeric value of the first MAC address and a numeric value of a second MAC address of the second set of MAC addresses differ by no more than a threshold amount and when a first location associated with a device that detects the first MAC address matches a second location associated with the second MAC address.
61 Citations
20 Claims
-
1. A method comprising:
-
receiving, at a detection system, a first set of wireless media access control addresses for wireless access points of a network from an authorized network device of the network; receiving, at the detection system, a second set of wired media access control addresses for wired connections to the network; and determining, with the detection system, whether a wireless access point is a potential rogue wireless device, wherein the wireless access point has a first wireless media access control address of the first set of wireless media access control addresses, and wherein determining whether the wireless access point is the potential rogue wireless device includes; determining whether a difference between a numeric value of the first wireless media access control address and a numeric value of a second wired media access control address of the second set of wired media access control addresses satisfies a threshold amount; and determining whether a first location associated with the first wireless media access control address corresponds to a second location associated with the second wired media access control address, wherein the wireless access point is determined to be the potential rogue wireless device when the difference satisfies the threshold amount and the first location corresponds to the second location, and wherein the potential rogue wireless device is associated with the first wireless media access control address and the second wired media access control address. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A system comprising
a processor; - and
a memory accessible to the processor, the memory storing instructions that, when executed by the processor, cause the processor to perform operations comprising; receiving a first set of wireless media access control addresses for wireless access points of a network; receiving a second set of wired media access control addresses for devices with wired connections to the network; and determining whether a wireless access point is a potential rogue wireless device, wherein the wireless access point has a first wireless media access control address of the first set of wireless media access control addresses, and wherein determining whether the wireless access point is the potential rogue wireless device includes; determining whether a difference between a numeric value of the first wireless media access control address and a numeric value of a second wired media access control address of the second set of wired media access control addresses satisfies a threshold amount; and determining whether a first location associated with the first wireless media access control address corresponds to a second location associated with the second wired media access control address, wherein the wireless access point is determined to be the potential rogue wireless device when the difference satisfies the threshold amount and the first location corresponds to the second location, and wherein the potential rogue wireless device is associated with the first wireless media access control address and the second wired media access control address. - View Dependent Claims (14, 15, 16, 17, 18, 19)
- and
-
20. A computer readable storage device storing instructions that, when executed by a processor, cause the processor to perform operations comprising:
-
receiving a first set of wireless media access control addresses for wireless access points of a network; receiving a second set of wired media access control addresses for wired connections to the network; and determining whether a wireless access point is a potential rogue wireless device, wherein the wireless access point has a first wireless media access control address of the first set of wireless media access control addresses, and wherein determining whether the wireless access point is the potential rogue wireless device includes; determining whether a difference between a numeric value of the first wireless media access control address and a numeric value of a second wired media access control address of the second set of wired media access control addresses satisfies a threshold amount; and determining whether a first location associated with the first wireless media access control address corresponds to a second location associated with the second wired media access control address, the wireless access point is determined to be the potential rogue wireless device when the difference satisfies the threshold amount and the first location corresponds to the second location, and wherein the potential rogue wireless device is associated with the first wireless media access control address and the second wired media access control address.
-
Specification