System and method for detecting unauthorized wireless access points
First Claim
1. A system for detecting unauthorized access points on a network, comprising:
- a database of authorized access points; and
a server in a wired network configured to receive access point identification information from a wireless device, the serving being further configured to;
(1) query the database to determine whether the access point identification information corresponds to an authorized access point;
(2)(a) if an access point is found to be unauthorized, determine whether the access point is connected to the wired network by querying a MAC-address-to-vendor information table to determine whether the access point supports the Reverse Address Resolution Protocol and, if supported, issuing a Reverse Address Resolution Protocol request, wherein if the access point responds, the server assumes the access point is connected to the wired network;
or(2)(b) if an access point is found to be unauthorized, determine whether the access point is connected to the wired network by querying interface tables of one or more switches on the network, wherein if the address of the access point is present, the server assumes the access point is connected to the wired network;
(3) if the unauthorized access point is found not to be connected to the wired network, update a table comprising information of known access points that are not connected to the wired network; and
(4) if the unauthorized access point is found to be connected, disable communications between the network and the unauthorized access point.
28 Assignments
0 Petitions
Accused Products
Abstract
Unauthorized wireless access points are detected by configuring authorized access points and mobile units to listen to all wireless traffic in its cell and report all detected wireless devices to a monitor. The monitor checks the reported devices against a list of authorized network devices. If the reported wireless device is not an authorized device, the monitor determines if the reported device is connected to the network. If the reported device is connected to the network and is not an authorized device, the monitor alerts the network operator or network manager of a rogue device connected to the network and attempts to locate and isolate the rogue device.
338 Citations
3 Claims
-
1. A system for detecting unauthorized access points on a network, comprising:
-
a database of authorized access points; and a server in a wired network configured to receive access point identification information from a wireless device, the serving being further configured to; (1) query the database to determine whether the access point identification information corresponds to an authorized access point; (2)(a) if an access point is found to be unauthorized, determine whether the access point is connected to the wired network by querying a MAC-address-to-vendor information table to determine whether the access point supports the Reverse Address Resolution Protocol and, if supported, issuing a Reverse Address Resolution Protocol request, wherein if the access point responds, the server assumes the access point is connected to the wired network;
or(2)(b) if an access point is found to be unauthorized, determine whether the access point is connected to the wired network by querying interface tables of one or more switches on the network, wherein if the address of the access point is present, the server assumes the access point is connected to the wired network; (3) if the unauthorized access point is found not to be connected to the wired network, update a table comprising information of known access points that are not connected to the wired network; and (4) if the unauthorized access point is found to be connected, disable communications between the network and the unauthorized access point. - View Dependent Claims (2, 3)
-
Specification