Spoofing detection
First Claim
Patent Images
1. A method to detect spoofing, the method comprising:
- determining a first location of a wireless access device having an identifier at a first time;
determining a second location of the wireless access device at a second time;
comparing the first location and the second location to determine whether the first location and the second location are within a possible distance of one another for the wireless access device to travel between the first and second times; and
sending an alert in response to determining that the first location and the second location are outside of the possible distance.
9 Assignments
0 Petitions
Accused Products
Abstract
Methods are described herein useful for detecting spoofing by wireless access devices. In some embodiments, spoofing can be detected based on locations for a wireless access device having an identifier at first and second times. The locations are compared to determine whether the wireless access device could access the particular network at the locations in the time period between the first and second times. In several embodiments, spoofing can be detected by tracking the activity of wireless access devices and identifying events that that are prohibited by one or more policy elements of the particular network.
174 Citations
13 Claims
-
1. A method to detect spoofing, the method comprising:
-
determining a first location of a wireless access device having an identifier at a first time; determining a second location of the wireless access device at a second time; comparing the first location and the second location to determine whether the first location and the second location are within a possible distance of one another for the wireless access device to travel between the first and second times; and sending an alert in response to determining that the first location and the second location are outside of the possible distance. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method to detect spoofing with a collector device in connection with a plurality of nodes, the method comprising:
-
receiving a first state of a wireless access device and a first communication device to which the wireless access device is communicating over a particular network at a first time at a particular node of the plurality of nodes; receiving or generating a first event for the wireless access device identifying the first state and the first communication device; receiving a second state of the wireless access device and a second communication device to which the wireless access device is communicating over the particular network at a second time at a particular node of the plurality of nodes; receiving or generating a second event for the wireless access device identifying the second state and the second communication device in response to determining that at least one of; the first state and the second state are different, and the first communication device and the second communication device are different; checking the first and second events with the collector device for activities prohibited by one or more policy elements of the particular network, wherein the collector device is configured with the one or more policy elements; and sending an alert signal in response to determining that the first and second events identify an activity that is prohibited by the one or more policy elements. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
-
Specification