System and method for network integrity
First Claim
1. A system, comprising:
- an access point configured to be coupled to (1) a network associated with a fingerprint unique to the network and (2) a forwarding database storing an identifier for a first device coupled to the network, the fingerprint having a value other than an identifier for the network and the value of the fingerprint being changed after a period of time;
- the access point configured to detect an identifier of a second device within a packet forwarded on the network;
- the access point configured to compare the identifier of the second device with the identifier of the first device stored in the forwarding database; and
- the access point configured to classify the second device as a rogue device when (1) the identifier of the second device matches the identifier of the first device stored in the forwarding database and (2) the packet does not include the fingerprint.
Abstract
A technique for maintaining network integrity is disclosed. A system according to the technique may include a wired network, a switch, and a wireless access point. The switch can be coupled to the wired network and the wireless access point can be coupled to the switch. The system may further include a forwarding database that stores a MAC address for a plurality of devices seen by the switch on the wired network. A method according to the technique may involve detecting identifying information of a device by a wireless access point. The identifying information can be compared with the MAC addresses in a forwarding database. If the device is unknown, the unknown device can be classified as rogue and countermeasures can be taken against the rogue device.
24 Claims
16. An apparatus, comprising:
- a countermeasure module configured to be coupled to (1) a network associated with a fingerprint unique to the network and (2) a forwarding database storing an identifier for a first device coupled to the network, the fingerprint having a value other than an identifier for the network and the value of the fingerprint being changed after a period of time;
- the countermeasure module configured to receive an indication that (1) a second device coupled to the network is assigned with an identifier corresponding to the identifier of the first device and (2) a packet sent from the second device does not include the fingerprint; and
- the countermeasure module configured to disrupt communication between the second device and the network in response to the indication.
21. A method, comprising:
- receiving a packet, from a network associated with a fingerprint, at an access point, the fingerprint being unique to the network and the fingerprint having a value other than an identifier for the network and the value of the fingerprint being changed after a period of time;
- detecting an identifier of a first device in the packet;
- comparing the identifier of the first device with an identifier of a second device stored in a database; and
- classifying the first device as rogue if (1) the identifier of the first device matches the identifier of the second device stored in the database and (2) the packet from the first device does not include the fingerprint.
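The decision rule shared by claims 1, 16 and 21, as an added Python example that is not taken from the patent: a packet whose source identifier matches a forwarding-database entry but which lacks the network fingerprint is classified as rogue. The HMAC-per-epoch fingerprint construction, the 300-second rotation period, the one-period grace window, and all names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac

ROTATION_SECONDS = 300  # assumed period; the claims only say "after a period of time"

# Constructed sample data, not from the patent.
SECRET = b"constructed-demo-secret"
FDB = {"00:1a:2b:3c:4d:5e"}   # identifiers already stored in the forwarding database
T0 = 1_700_000_000.0          # fixed timestamp so results are reproducible

def fingerprint(secret: bytes, now: float) -> bytes:
    """Assumed construction: HMAC over the rotation epoch, so the value
    changes every period and is not an identifier for the network."""
    epoch = int(now // ROTATION_SECONDS)
    return hmac.new(secret, epoch.to_bytes(8, "big"), hashlib.sha256).digest()[:8]

def has_fingerprint(payload: bytes, secret: bytes, now: float) -> bool:
    """True if the payload carries the current fingerprint, or the previous
    one (assumed grace for packets in flight across a rotation)."""
    valid = (fingerprint(secret, now), fingerprint(secret, now - ROTATION_SECONDS))
    return any(fp in payload for fp in valid)

def classify(src_mac: str, payload: bytes, fdb: set, secret: bytes, now: float) -> str:
    """Rogue when the source identifier matches a forwarding-database entry
    AND the packet does not include the fingerprint."""
    known = src_mac.lower() in fdb          # normalise case before comparing
    marked = has_fingerprint(payload, secret, now)
    if known and not marked:
        return "rogue"       # known identifier reused without the fingerprint
    if known:
        return "not_rogue"   # known identifier and valid fingerprint
    return "no_match"        # the claims do not decide this case

if __name__ == "__main__":
    good = b"payload" + fingerprint(SECRET, T0)
    print(classify("00:1A:2B:3C:4D:5E", good, FDB, SECRET, T0))
    print(classify("00:1A:2B:3C:4D:5E", b"payload", FDB, SECRET, T0))
```
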
Specification