System and method for network integrity

US 8,638,762 B2
Filed: 02/08/2006
Issued: 01/28/2014
Est. Priority Date: 10/13/2005
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

an access point configured to be coupled to (1) a network associated with a fingerprint unique to the network and (2) a forwarding database storing an identifier for a first device coupled to the network, the fingerprint having a value other than an identifier for the network and the value of the fingerprint being changed after a period of time;

the access point configured to detect an identifier of a second device within a packet forwarded on the network;

the access point configured to compare the identifier of the second device with the identifier of the first device stored in the forwarding database; and

the access point configured to classify the second device as a rogue device when (1) the identifier of the second device matches the identifier of the first device stored in the forwarding database and (2) the packet does not include the fingerprint.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique for maintaining network integrity is disclosed. A system according to the technique may include a wired network, a switch, and a wireless access point. The switch can be coupled to the wired network and the wireless access point can be coupled to the switch. The system may further include a forwarding database that stores a mac address for a plurality of devices seen by the switch on the wired network. A method according to the technique may involve detecting identifying information of a device by a wireless access point. The identifying information can be compared with the mac addresses in a forwarding database. If the device is unknown, the unknown device can be classified as rogue and countermeasures can be taken against the rogue device.

609 Citations

24 Claims

1. A system, comprising:
- an access point configured to be coupled to (1) a network associated with a fingerprint unique to the network and (2) a forwarding database storing an identifier for a first device coupled to the network, the fingerprint having a value other than an identifier for the network and the value of the fingerprint being changed after a period of time;
  
  the access point configured to detect an identifier of a second device within a packet forwarded on the network;
  
  the access point configured to compare the identifier of the second device with the identifier of the first device stored in the forwarding database; and
  
  the access point configured to classify the second device as a rogue device when (1) the identifier of the second device matches the identifier of the first device stored in the forwarding database and (2) the packet does not include the fingerprint.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. A system as recited in claim 1, wherein the access point is a first access point and the second device is a second access point.
  - 3. A system as recited in claim 1, wherein the access point configured to (1) operate in a promiscuous mode and (2) define a collated database.
  - 4. A system as recited in claim 1, wherein the forwarding database is stored on a switch coupled to the network.
  - 5. A system as recited in claim 1, wherein the identifier of the second device is one of a MAC address or an SSID.
  - 6. A system as recited in claim 5, wherein the second device is performing an SSID masquerade.
  - 7. A system as recited in claim 1 wherein the access point is a first access point, the system further comprising:
    - a second access point configured to be coupled to the network and a second forwarding database storing an identifier of a third device coupled to the network;
      
      the first access point configured to compare the identifier of the second device with the identifier of the third device stored in the second forwarding database; and
      
      the first access point configured to classify the second device as a rogue device when (1) the identifier of the second device matches the identifier of the third device stored in the second forwarding database and (2) a packet from the third device does not include the fingerprint.
  - 8. A system as recited in claim 7, wherein the first access point is configured to be coupled to the network via a seed switch and the second access point is coupled to the network via a member switch.
  - 9. A system as recited in claim 1, wherein the access point is configured to disrupt communications between the second device and the network if the second device is classified as the rogue device.
  - 10. A system as recited in claim 1, wherein the second device is an unknown client.
  - 11. The system of claim 1, wherein the access point is configured to be coupled to the network such that the fingerprint is distributed to the first device, which is legitimately coupled to the network and not the second device.
  - 12. The system of claim 1, wherein the access point is configured to be coupled to the network such that the fingerprint is distributed to devices connected to a wired portion the network.
  - 13. The system of claim 1, wherein the fingerprint is a pseudo-random number.
  - 14. The system of claim 1, wherein the period of time is a predetermined period of time.
  - 15. The system of claim 1, wherein the fingerprint has a value other than an identifier for a device.

16. An apparatus, comprising:
- a countermeasure module configured to be coupled to (1) a network associated with a fingerprint unique to the network and (2) a forwarding database storing an identifier for a first device coupled to the network, the fingerprint having a value other than an identifier for the network and the value of the fingerprint being changed after a period of time;
  
  the countermeasure module configured to receive an indication that (1) a second device coupled to the network is assigned with an identifier corresponding to the identifier of the first device and (2) a packet sent from the second device does not include the fingerprint; and
  
  the countermeasure module configured to disrupt communication between the second device and the network in response to the indication.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The apparatus as recited in claim 16, further comprising a port configured to be connected to an access point detecting the identifier of the first device and the identifier of the second device.
  - 18. The apparatus as recited in claim 16, further comprising an access point configured to operate in a promiscuous mode to define an access point database and client database.
  - 19. The apparatus as recited in claim 16, wherein the countermeasure module is a first countermeasure module, the apparatus further including the forwarding database, the forwarding database configured to be operatively coupled to a second countermeasure module coupled to the network.
  - 20. The apparatus as recited in claim 16, wherein the countermeasure module is configured to send at least one of a deauthenticate packet or a disassociate packet to the second device.

21. A method, comprising:
- receiving a packet, from a network associated with a fingerprint, at an access point, the fingerprint being unique to the network and the fingerprint having a value other than an identifier for the network and the value of the fingerprint being changed after a period of time;
  
  detecting an identifier of a first device in the packet;
  
  comparing the identifier of the first device with an identifier of a second device stored in a database; and
  
  classifying the first device as rogue if (1) the identifier of the first device matches the identifier of the second device stored in the database and (2) the packet from the first device does not include the fingerprint.
- View Dependent Claims (22, 23, 24)
- - 22. A method as recited in claim 21, further comprising operating an access point in a promiscuous mode to define the database.
  - 23. A method as recited in claim 21, wherein the database is a first database associated with a first access point further comprising:
    - comparing the identifier of the first device with an identifier of a third device stored in a second database associated with a second access point; and
      
      classifying the first device as a rogue device if (1) the identifier of the first device matches the identifier of the third device stored in the second database and (2) the packet from the first device does not include the fingerprint.
  - 24. A method as recited in claim 21, further comprising disrupting communication between the first device and a network including the access point in response to classifying the first device as a rogue device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trapeze Networks Incorporated (Juniper Networks Incorporated)
Original Assignee
Trapeze Networks Incorporated (Juniper Networks Incorporated)
Inventors
Tiwari, Manish
Primary Examiner(s)
EBRAHIM, ANEZ C

Application Number

US11/351,104
Publication Number

US 20070183375A1
Time in Patent Office

2,911 Days
Field of Search

None
US Class Current

370/338
CPC Class Codes

H04L 63/101   Access control lists [ACL]

H04L 63/1416   Event detection, e.g. attac...

H04W 12/122   Counter-measures against at...

H04W 12/125   Protection against power ex...

H04W 12/126   Anti-theft arrangements, e....

System and method for network integrity

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

609 Citations

24 Claims

Specification

Use Cases

Quick Links

Others

System and method for network integrity

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

609 Citations

24 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others