[US Patent]
Method, apparatus, and software product for detecting rogue access points in a wireless network
IPC classification
Country / Type
United States (US) Patent
Granted
International Patent Classification (IPC, 7th edition)
H04Q-007/24
H04L-009/00
H04M-001/66
Application number
US-0766174
(2004-01-28)
Registration number
US-7286515
(2007-10-23)
Inventors / Address
Olson, Timothy S.
Kaiser, Daryl A.
Roshan, Pejman D.
Applicant / Address
Cisco Technology, Inc.
Agent / Address
Inventek
Citation information
Cited by: 46
References cited: 50
Abstract
A method, an apparatus, and a software program to implement a method to detect a rogue access point of a wireless network. The method includes maintaining an AP database that includes information about managed access points (APs) and friendly APs, including the MAC address of each managed AP. The method further includes sending a scan request to one or more managed APs, including one or more of a request for the receiving managed AP to scan for beacons and probe responses and a request for the receiving managed AP to request its clients to scan for beacons and probe responses. The method further includes receiving reports from at least one of the receiving managed APs, a report including information on any beacon or probe response received that was sent by an AP. For each beacon or probe response on which information is received, the method analyzes the information received in the report about the AP that sent the beacon or probe response, the analyzing including ascertaining whether the MAC address of the AP that sent the beacon or probe response matches a MAC address of an AP in the AP database, to ascertain whether the AP is a potential rogue AP or a managed or friendly AP.
Representative claims
We claim:

1. A method comprising: a central management entity managing managed access points (APs) of a wireless network, including carrying out one or both of power control and frequency selection to configure one or more configuration parameters of the managed access points; maintaining an AP database that includes information about managed APs and friendly APs of the wireless network, including, for each managed AP in the AP database, the service set identifier of the managed AP and one or more of the configuration parameters; sending a scan request to one or more managed APs of the wireless network, the scan request including a request for the receiving managed AP to scan for beacons and probe responses; and receiving reports from at least one of the receiving managed APs about beacons or probe responses from any potential rogue AP, including, for each potential rogue AP from which a beacon or probe response was received, detection information, and information on the beacon or probe response received that was sent by the potential rogue AP, wherein the detection information includes the service set identifier of the potential rogue AP and at least one further item of information, and wherein the information on the received beacon or probe response includes at least the service set identifier in the beacon or probe response and one or more configuration parameters; and for each beacon or probe response from a potential rogue AP on which information is received, ascertaining if the potential rogue AP is a managed AP, including: ascertaining if there is a match for the service set identifier of the potential rogue AP in the AP database, and if there is a match for one or more configuration parameters of the potential rogue AP in the AP database in addition to the service set identifier of the potential rogue AP, such that at least a plurality of parameters are matched in the AP database to ascertain whether a potential rogue AP is a managed AP.

2. A method as recited in claim 1, wherein the wireless network substantially conforms to the IEEE 802.11 standard for wireless local area networks.

3. A method as recited in claim 1, wherein the maintaining the AP database includes updating the AP database from time to time.

4. A method as recited in claim 1, wherein the analysis further includes determining the approximate location of the potential rogue AP in order to further ascertain whether the potential rogue AP is likely to be a rogue, using a location determining method that uses information determined from signals received from the potential rogue AP at a plurality of managed APs whose locations are known, or at stations whose respective locations are known or determined, and calculating a likely location using the determined information.

5. A method as recited in claim 1, wherein the sending a request includes sending a request to one or more wireless stations of the wireless network to listen for beacons and probe responses on the respective serving channels of the respective wireless stations and to report the results of the listening.

6. A method as recited in claim 1, wherein the sending a request includes sending a request for one or more wireless stations to temporarily listen for beacons and probe responses on a channel specified in the request and to report the results of the listening.

7. A method as recited in claim 1, wherein the sending a request includes sending a request for one or more managed access points to listen for beacons and probe responses and to report the results of the listening.

8. A method as recited in claim 1, wherein the sending a request includes sending a request for one or more clients of one or more managed access points to listen for beacons and probe responses and to report the results of the listening.

9. A method as recited in claim 1, wherein the analyzing further includes using timing information determined from the beacon or probe response to further ascertain whether the AP is likely to be a rogue.

10. A method as recited in claim 9, wherein the analyzing further includes using known location information of managed APs together with the timing information to determine the approximate location of the potential rogue AP.

11. A method as recited in claim 1, wherein the detection information includes absolute RSSI information, and wherein the analyzing further includes using known location information of managed APs to approximately locate the potential rogue AP, the method further comprising: locating the potential rogue AP by using the absolute RSSI at the station receiving the beacon or probe response together with a calibrated path loss model of an area of interest that provides path losses at various locations to or from managed stations at known locations.

12. A method as recited in claim 11, wherein the locating includes: accepting an ideal path loss model applicable to an area of interest; calibrating the ideal path loss model using measurements received from each respective managed station of a first set of managed wireless stations of the wireless network measuring the received signal strengths at each of the respective managed stations, the managed stations receiving signals as a result of transmissions by respective managed stations of a second set of managed wireless stations of the wireless network, each respective transmission at a known respective transmit power, the locations of each managed station of the first and second sets being known or determined, the calibrating being to determine a calibrated path loss model between the receiving and transmitting wireless stations; receiving measurements from each respective managed station of a third set of managed wireless stations of the wireless network measuring the received signal strength at each of the respective stations resulting from transmission of a beacon or probe response from a potential rogue access point, each station of the third set being at a known or determined location; and for each of a set of assumed transmit powers for the potential rogue access point, determining the likely location or locations of the potential rogue access point using the received signal strengths at the stations of the third set and the calibrated path loss model.

13. A method as recited in claim 12, wherein the determining of the likely location or locations includes: determining a set of likelihood components for each of a set of locations, each component corresponding to a respective managed access point whose transmissions are listened for at the particular station, and determining an overall likelihood for each of the set of locations as the product of the likelihood components.

14. A method as recited in claim 1, further comprising combining the results of the analyzing step with the results of one or more complementary rogue AP detection techniques.

15. A method as recited in claim 14, wherein one of the complementary rogue AP detection techniques includes a client reporting to a managed AP a failed previous authentication attempt with an AP.

16. A method comprising: receiving a scan request at an access point (AP) of a wireless network to scan for beacons and probe responses, the request received from a management entity coupled to a WLAN manager managing a set of managed APs, the managing of the managed APs including carrying out one or both of power control and frequency selection to configure one or more configuration parameters of the managed APs and maintaining an AP database that contains information about managed APs and friendly APs of the wireless network, the information in the AP database including, for each managed AP in the AP database, the service set identifier of the managed AP and one or more of the configuration parameters; listening for beacons and probe responses at the AP receiving the scan request; and sending a scan report to the WLAN manager including information on any beacon or probe response received from a potential rogue AP by the AP receiving the scan request, the information including, for each potential rogue AP from which a beacon or probe response was received, detection information, and information on the beacon or probe response from the potential rogue AP, wherein the detection information includes the service set identifier of the potential rogue AP and at least one further item of information, and wherein the information on the received beacon or probe response includes at least the service set identifier in the beacon or probe response and one or more configuration parameters, such that for each beacon or probe response from a potential rogue AP on which information is received at the WLAN manager, ascertaining if the potential rogue AP is a managed AP, including: ascertaining if there is a match for the service set identifier of the potential rogue AP in the AP database, and if there is a match for one or more configuration parameters of the potential rogue AP in the AP database in addition to the service set identifier of the potential rogue AP, such that at least a plurality of parameters are matched in the AP database to ascertain whether a potential rogue AP is a managed AP.

17. A method as recited in claim 16, wherein the scan request includes a request to scan for beacons and probe responses on the respective serving channel of each respective wireless AP or client station and to report the results of the listening.

18. A method as recited in claim 16, wherein the scan request includes a request for the listening station, AP or client station, to temporarily listen for beacons and probe responses on a channel specified in the request and to report the results of the listening.

19. A method as recited in claim 16, wherein the scan request from the WLAN manager and the scan report to the WLAN manager use a protocol that provides for and encapsulates scan request messages and scan report messages in IP packets.

20. A method as recited in claim 19, wherein the request from an AP to a client station, and the report from the client station to the AP, use MAC frames.

21. A method as recited in claim 19, wherein the scan request includes a set of scan parameters that describe how information is to be obtained about beacons and probe responses received by the managed AP.

22. A method as recited in claim 21, wherein the scan parameters include one or more of: whether the requested scan is an active scan or a passive scan or both an active and a passive scan, and, if an active scan, one or more channels for the active scan, and the schedule of how often scans are to be performed.

23. A method as recited in claim 21, wherein after receiving the task request, the receiving AP sets up tasking according to the scan request, including scheduling any scans to be performed by the receiving AP.

24. A computer-readable medium encoded with computer readable instructions that when executed cause one or more processors of a processing system to execute a method comprising: managing managed access points (APs) of a wireless network, including carrying out one or both of power control and frequency selection to configure one or more configuration parameters of each managed access point; maintaining an AP database that includes information about managed APs and friendly APs of the wireless network, including, for each managed AP in the AP database, the service set identifier of the managed AP and one or more of the configuration parameters; sending a scan request to one or more managed APs of the wireless network, the scan request including a request for the receiving managed AP to scan for beacons and probe responses; and receiving reports from at least one of the receiving managed APs about beacons or probe responses from any potential rogue AP, including, for each potential rogue AP from which a beacon or probe response was received, detection information, and information on the beacon or probe response received that was sent by the potential rogue AP, wherein the detection information includes the service set identifier of the potential rogue AP and at least one further item of information, and wherein the information on the received beacon or probe response includes at least the service set identifier in the beacon or probe response and one or more configuration parameters; and for each beacon or probe response from a potential rogue AP on which information is received, ascertaining if the potential rogue AP is a managed AP, including: ascertaining if there is a match for the service set identifier of the potential rogue AP in the AP database, and if there is a match for one or more configuration parameters of the potential rogue AP in the AP database in addition to the service set identifier of the potential rogue AP, such that at least a plurality of parameters are matched in the AP database to ascertain whether a potential rogue AP is a managed AP.

25. A computer-readable medium encoded with computer readable instructions to instruct one or more processors of a processing system to execute a method at an access point (AP) of a wireless network comprising: receiving a scan request to scan for beacons and probe responses, the request received from a management entity coupled to a WLAN manager managing a set of managed APs, the managing of the managed APs including carrying out one or both of power control and frequency selection to configure one or more configuration parameters of the managed APs and maintaining an AP database that contains information about the managed APs and friendly APs of the wireless network, the information in the AP database including, for each managed AP in the AP database, the service set identifier of the managed AP and one or more of the configuration parameters; listening for beacons and probe responses at the AP receiving the scan request; and sending a scan report to the WLAN manager including information on any beacon or probe response received from a potential rogue AP by the AP receiving the scan request, the information including, for each potential rogue AP from which a beacon or probe response was received, detection information, and information on the beacon or probe response from the potential rogue AP, wherein the detection information includes the service set identifier of the potential rogue AP and at least one further item of information, and wherein the information on the received beacon or probe response includes at least the service set identifier in the beacon or probe response and one or more configuration parameters, such that for each beacon or probe response from a potential rogue AP on which information is received at the WLAN manager, ascertaining if the potential rogue AP is a managed AP, including: ascertaining if there is a match for the service set identifier of the potential rogue AP in the AP database, and if there is a match for one or more configuration parameters of the potential rogue AP in the AP database in addition to the service set identifier of the potential rogue AP, such that at least a plurality of parameters are matched in the AP database to ascertain whether a potential rogue AP is a managed AP.

26. An apparatus comprising: a processing system including a memory and a network interface to couple the apparatus to a network, the network including a set of managed access points (APs) of a wireless network; and a tangible medium storing an AP database coupled to the processing system and containing information about the managed APs and friendly APs of the wireless network, including information related to how each managed AP in the AP database is configured, wherein the processing system is programmed to: manage the managed APs, including carrying out one or both of power control and frequency selection to configure one or more configuration parameters of each managed access point; maintain the AP database that includes information about the managed APs, including, for each managed AP, the service set identifier of the managed AP and one or more of the configuration parameters; send a scan request to one or more managed APs of the wireless network, the scan request being for the receiving managed AP to scan for beacons and probe responses; and receive reports from at least one of the receiving managed APs about beacons or probe responses from any potential rogue AP, including, for each potential rogue AP from which a beacon or probe response was received, detection information, and information on the beacon or probe response received that was sent by the potential rogue AP, wherein the detection information includes the service set identifier of the potential rogue AP and at least one further item of information, and wherein the information on the received beacon or probe response includes at least the service set identifier in the beacon or probe response and one or more configuration parameters; and for each beacon or probe response from a potential rogue AP on which information is received, ascertaining if the potential rogue AP is a managed AP, including: ascertaining if there is a match for the service set identifier of the potential rogue AP in the AP database, and if there is a match for one or more configuration parameters of the potential rogue AP in the AP database in addition to the service set identifier of the potential rogue AP, such that at least a plurality of parameters are matched in the AP database to ascertain whether a potential rogue AP is a managed AP.

27. An access point (AP) for a wireless network, the access point comprising: a processing system including a memory; a network interface to couple the access point to a network; a wireless transceiver coupled to the processing system to implement the PHY of a wireless station; the processing system including a MAC processor and programmed to: receive a scan request to scan for beacons and probe responses, the request received via the network interface from a management entity coupled to a WLAN manager coupled to the network and managing a set of managed APs, the managing including carrying out one or both of power control and frequency selection to configure one or more configuration parameters of managed APs and maintaining an AP database that contains information about managed APs and friendly APs of the wireless network, including, for each managed AP in the AP database, the service set identifier of the managed AP and one or more of the configuration parameters; and send a scan report to the WLAN manager via the network interface, including information on any beacon or probe response received from a potential rogue AP, the scan report including, for each potential rogue AP from which a beacon or probe response was received, detection information, and information on the beacon or probe response from the potential rogue AP, wherein the detection information includes the service set identifier of the potential rogue AP and at least one further item of information, and wherein the information on the received beacon or probe response includes at least the service set identifier in the beacon or probe response and one or more configuration parameters, such that for each beacon or probe response on which information is received at the WLAN manager, analyzing the information received in the report about the potential rogue AP that sent the beacon or probe response includes, in order to ascertain if the potential rogue AP is a managed AP: (a) ascertaining if there is a match for the service set identifier of the potential rogue AP in the AP database, and (b) ascertaining if there is a match for one or more configuration parameters of the potential rogue AP in the AP database in addition to the service set identifier of the potential rogue AP, such that at least a plurality of parameters are matched in the AP database to ascertain whether a potential rogue AP is a managed AP.

28. A method as recited in claim 1, wherein the information stored in the AP database on each managed AP includes a maximum power setting or a frequency setting or both a maximum power and a frequency setting.

29. A method as recited in claim 1, wherein the detection information includes at least the channel the detected AP's beacon or probe response was received on, and wherein the information on the received beacon or probe response includes at least a service set identifier in the beacon or probe response.

30. A method as recited in claim 1, wherein the sending a scan request to one or more managed APs of the wireless network includes a request for the receiving managed AP to request the AP's clients to scan for beacons and probe responses.

31. A method as recited in claim 16, wherein the information stored in the AP database on each managed AP includes a maximum power setting or a frequency setting or both a maximum power and a frequency setting.

32. A method as recited in claim 16, wherein the detection information includes at least the channel the detected AP's beacon or probe response was received on, and wherein the information on the received beacon or probe response includes at least a service set identifier in the beacon or probe response.

33. A method as recited in claim 16, wherein the management entity also manages any client stations of the managed APs, and wherein the receiving a scan request also includes a request to request any associated clients to listen for beacons or probe responses, the method further comprising: sending a client request to one or more client stations associated with the AP to listen for beacons and probe responses; and, in the case that a client request was sent, receiving a client report at the AP from at least one of the client stations to which the client request was sent, the client report including information on any beacon or probe response received from a potential rogue AP.

34. A computer-readable medium as recited in claim 24, wherein the information stored in the AP database on each managed AP includes a maximum power setting or a frequency setting or both a maximum power and a frequency setting.

35. A computer-readable medium as recited in claim 24, wherein the detection information includes at least the channel the detected AP's beacon or probe response was received on, and wherein the information on the received beacon or probe response includes at least a service set identifier in the beacon or probe response.

36. A computer-readable medium as recited in claim 24, wherein the sending a scan request to one or more managed APs of the wireless network includes a request for the receiving managed AP to request the AP's clients to scan for beacons and probe responses.
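The abstract and claim 1 together describe the detection loop: the WLAN manager keeps a database of managed and friendly APs, sends scan requests, receives beacon/probe-response reports, and classifies each reported AP by matching its MAC address and then its SSID plus at least one configuration parameter (channel, maximum power) against the database. The following is an added example written for this page, not code from the patent or from Cisco; the MAC addresses, SSIDs, channel numbers, power values and report contents are constructed, and the particular parameter comparisons (channel heard on versus assigned channel, advertised power versus maximum power) are this example's choice of how to apply claim 1's "plurality of parameters" test.

```python
"""Rogue AP classification against an AP database (added example).

Not code from the patent or from Cisco. It follows the flow in the abstract
and claim 1: a WLAN manager keeps a database of managed and friendly APs
(MAC address, SSID, assigned channel, maximum transmit power), managed APs
scan for beacons and probe responses and report what they heard, and every
reported AP is matched against that database. All MAC addresses, SSIDs,
channels, power values and reports below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

MANAGED, FRIENDLY, POTENTIAL_ROGUE = "managed", "friendly", "potential_rogue"


@dataclass(frozen=True)
class ApRecord:
    """One row of the AP database. channel and max_tx_power_dbm are the
    configuration parameters set by frequency selection and power control."""
    bssid: str
    ssid: str
    channel: int
    max_tx_power_dbm: int
    kind: str  # MANAGED or FRIENDLY


@dataclass(frozen=True)
class ScanReport:
    """One beacon or probe response heard by a managed AP (or a client of it)."""
    reporter: str          # BSSID of the managed AP that filed the report
    heard_on_channel: int  # detection information: channel it was heard on
    rssi_dbm: int          # detection information: received signal strength
    bssid: str             # BSSID field of the received frame
    ssid: str              # SSID element of the received frame
    tx_power_dbm: int      # transmit power advertised in the frame


def norm_mac(mac: str) -> str:
    return mac.strip().lower().replace("-", ":")


def build_db(records: List[ApRecord]) -> Dict[str, ApRecord]:
    return {norm_mac(r.bssid): r for r in records}


def classify(report: ScanReport, db: Dict[str, ApRecord]) -> Tuple[str, str]:
    """Return (verdict, reason) for one reported beacon or probe response."""
    rec = db.get(norm_mac(report.bssid))
    if rec is None:
        # Abstract: a MAC address carried by no database record is a
        # potential rogue, whatever SSID it advertises.
        return POTENTIAL_ROGUE, "BSSID not in AP database"
    if rec.kind == FRIENDLY:
        return FRIENDLY, f"BSSID matches friendly AP {rec.bssid}"
    # Claim 1: a managed verdict needs the SSID and at least one further
    # configuration parameter to match. BSSID and SSID are trivially cloned
    # by an evil twin; the channel and power the manager assigned are the
    # parameters an attacker has to guess.
    mismatches = []
    if report.ssid != rec.ssid:
        mismatches.append("ssid")
    if report.heard_on_channel != rec.channel:
        mismatches.append("channel")
    if report.tx_power_dbm > rec.max_tx_power_dbm:
        mismatches.append("tx_power")
    matched = [p for p in ("channel", "tx_power") if p not in mismatches]
    if "ssid" in mismatches or not matched:
        return POTENTIAL_ROGUE, (f"BSSID matches managed AP {rec.bssid} but "
                                 f"{', '.join(mismatches)} differ from its configuration")
    return MANAGED, "SSID and " + "/".join(matched) + " match the AP database"


def analyze(reports: List[ScanReport], db: Dict[str, ApRecord]) -> Dict[str, dict]:
    """Merge all reports per heard BSSID: verdict, reason, strongest RSSI and
    the set of managed APs that heard it (the input a locator would need)."""
    out: Dict[str, dict] = {}
    for r in reports:
        verdict, reason = classify(r, db)
        e = out.setdefault(norm_mac(r.bssid), {"verdict": verdict, "reason": reason,
                                               "best_rssi_dbm": r.rssi_dbm, "reporters": set()})
        e["reporters"].add(r.reporter)
        e["best_rssi_dbm"] = max(e["best_rssi_dbm"], r.rssi_dbm)
        if verdict == POTENTIAL_ROGUE:  # one mismatching report is enough to flag the BSSID
            e["verdict"], e["reason"] = verdict, reason
    return out


AP_DB = build_db([
    ApRecord("00:11:22:33:44:01", "corp-wlan", 6, 17, MANAGED),
    ApRecord("00:11:22:33:44:02", "corp-wlan", 11, 17, MANAGED),
    ApRecord("a4:5e:60:aa:bb:cc", "cafe-guest", 1, 20, FRIENDLY),  # known neighbour
])

SAMPLE_REPORTS = [  # constructed reports: (reporter, heard_on_channel, rssi, bssid, ssid, tx_power)
    ScanReport("00:11:22:33:44:01", 11, -61, "00:11:22:33:44:02", "corp-wlan", 15),
    ScanReport("00:11:22:33:44:02", 1, -70, "a4:5e:60:aa:bb:cc", "cafe-guest", 18),
    # evil twin advertising the corporate SSID from an unknown BSSID
    ScanReport("00:11:22:33:44:01", 1, -48, "de:ad:be:ef:00:01", "corp-wlan", 20),
    # clone of AP :01's BSSID, but heard on channel 1 and above its maximum power
    ScanReport("00:11:22:33:44:02", 1, -52, "00:11:22:33:44:01", "corp-wlan", 20),
]

if __name__ == "__main__":
    for bssid, e in analyze(SAMPLE_REPORTS, AP_DB).items():
        print(f"{bssid}  {e['verdict']:15s} rssi={e['best_rssi_dbm']:4d}  {e['reason']}")
```

The two rogue cases show why the claim insists on more than one matched parameter: the evil twin fails the MAC test of the abstract outright, while the BSSID clone passes it and is only caught because the channel it was heard on and the power it advertises contradict what the manager assigned to that AP. A deployment that wants to be stricter can require every stored parameter to match rather than any one.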
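Claims 11 to 13 describe locating a potential rogue from absolute RSSI: start from an ideal path loss model for the area, calibrate it with RSSI that managed stations at known locations measure from each other's transmissions at known power, collect the RSSI of the rogue's beacon at stations at known locations, and then, for each assumed rogue transmit power, score candidate locations by a likelihood that is the product of per-station components. The following is an added example written for this page, not code from the patent or from Cisco. The log-distance form of the path loss model, the Gaussian per-station component, the 4 dB shadowing spread, the 0.5 m grid and the set of assumed powers are this example's assumptions (the claims fix none of them), and every coordinate, power and RSSI value is constructed.

```python
"""RSSI-based location of a potential rogue AP with a calibrated path loss
model (added example, not code from the patent or from Cisco).

Assumptions of this example: a log-distance path loss model
PL(d) = pl0 + 10 n log10(d / 1 m), a Gaussian likelihood component per
receiving station with an assumed 4 dB spread, a 0.5 m candidate grid and a
small set of assumed rogue transmit powers. All positions and powers below
are constructed; the "true" environment is used only to synthesise RSSI.
"""
import math
from dataclasses import dataclass
from typing import List, Optional, Tuple

Point = Tuple[float, float]


@dataclass
class PathLossModel:
    pl0_db: float          # loss at the 1 m reference distance
    n: float               # path loss exponent
    sigma_db: float = 4.0  # assumed shadowing spread used in the likelihood

    def loss_db(self, d_m: float) -> float:
        return self.pl0_db + 10.0 * self.n * math.log10(max(d_m, 1.0))


def distance(a: Point, b: Point) -> float:
    return math.hypot(a[0] - b[0], a[1] - b[1])


def calibrate(ideal: PathLossModel,
              measurements: List[Tuple[Point, float, Point, float]]) -> PathLossModel:
    """Claim 12's calibration: least-squares fit of pl0 and n to observed
    losses between managed stations. Each measurement is
    (tx_location, tx_power_dbm, rx_location, rssi_dbm); loss = tx_power - rssi."""
    xs = [10.0 * math.log10(max(distance(tx, rx), 1.0)) for tx, _, rx, _ in measurements]
    ys = [p - rssi for _, p, _, rssi in measurements]
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    n = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sxx if sxx else ideal.n
    return PathLossModel(pl0_db=my - n * mx, n=n, sigma_db=ideal.sigma_db)


def locate(model: PathLossModel, observations: List[Tuple[Point, float]],
           grid: List[Point], assumed_powers_dbm: List[float]) -> Tuple[Point, float, float]:
    """Claims 12 and 13: for each assumed transmit power and each candidate
    location, the overall likelihood is the product of per-station components
    (computed as a sum of logs so it cannot underflow). Returns the best
    (location, assumed_tx_power_dbm, log_likelihood)."""
    best: Optional[Tuple[Point, float, float]] = None
    for tx_power in assumed_powers_dbm:
        for loc in grid:
            log_lik = 0.0
            for rx, rssi in observations:  # one component per receiving managed AP
                predicted = tx_power - model.loss_db(distance(loc, rx))
                log_lik += -0.5 * ((rssi - predicted) / model.sigma_db) ** 2
            if best is None or log_lik > best[2]:
                best = (loc, tx_power, log_lik)
    return best


def make_grid(width_m: float, height_m: float, step_m: float = 0.5) -> List[Point]:
    nx, ny = int(width_m / step_m) + 1, int(height_m / step_m) + 1
    return [(i * step_m, j * step_m) for i in range(nx) for j in range(ny)]


# Constructed scenario: five managed APs in a 20 m x 10 m floor, one rogue.
MANAGED_APS: List[Point] = [(0.0, 0.0), (20.0, 0.0), (0.0, 10.0), (20.0, 10.0), (10.0, 5.0)]
MANAGED_TX_POWER_DBM = 17.0
TRUE_ENVIRONMENT = PathLossModel(pl0_db=40.0, n=2.5)   # used only to synthesise RSSI
ROGUE_LOCATION: Point = (12.0, 5.0)
ROGUE_TX_POWER_DBM = 15.0


def simulate_rssi(env: PathLossModel, tx: Point, tx_power: float, rx: Point) -> float:
    return tx_power - env.loss_db(distance(tx, rx))


def calibration_measurements() -> List[Tuple[Point, float, Point, float]]:
    """First and second sets of claim 12: every managed AP hears every other."""
    return [(tx, MANAGED_TX_POWER_DBM, rx,
             simulate_rssi(TRUE_ENVIRONMENT, tx, MANAGED_TX_POWER_DBM, rx))
            for tx in MANAGED_APS for rx in MANAGED_APS if tx != rx]


def rogue_observations() -> List[Tuple[Point, float]]:
    """Third set of claim 12: RSSI of the rogue's beacon at each managed AP."""
    return [(rx, simulate_rssi(TRUE_ENVIRONMENT, ROGUE_LOCATION, ROGUE_TX_POWER_DBM, rx))
            for rx in MANAGED_APS]


def run() -> Tuple[PathLossModel, Point, float, float]:
    ideal = PathLossModel(pl0_db=40.0, n=2.0)  # free-space-like starting model
    model = calibrate(ideal, calibration_measurements())
    loc, power, ll = locate(model, rogue_observations(), make_grid(20.0, 10.0),
                            [5.0, 10.0, 15.0, 20.0])
    return model, loc, power, ll


if __name__ == "__main__":
    model, loc, power, ll = run()
    print(f"calibrated model: pl0={model.pl0_db:.2f} dB, n={model.n:.3f}")
    print(f"rogue estimate: {loc} at {power} dBm (log-likelihood {ll:.4f})")
```

Enumerating assumed transmit powers is what makes the problem solvable: a single RSSI cannot separate a strong transmitter far away from a weak one nearby, but a set of stations at different distances sees a distinct pattern for each power hypothesis. With real measurements the shadowing noise spreads the likelihood over neighbouring grid cells, so a deployment would report the top few cells (the claim's "likely location or locations") rather than a single point.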
Nessett, Danny M.; Young, Albert; O'Hara, Bob; Tsai, Joe; Chen, Bofu. Authenticated Diffie-Hellman key agreement protocol where the communicating parties share a secret key with a third party.
Kovach, Jr., Michael John; Brigidi, Anthony Richard; Solley, John; McCook, Edwin E.; Anderson, Robert J.; Sachdev, Vineet; Ginter, Thomas; Sheehan, Joseph W.; Stilp, Louis A. Centralized database system for a wireless location system.
Solberg, Stephen J.; Szymanski, Curt D. Computer automated system and method for converting source documents bearing symbols and alphanumeric text relating to three dimensional objects.
Dara-Abrams, Joseph Alexander; Ludtke, Harold Aaron; Birmingham, Thomas Edward; Matthews, Neil David (GB); Yanagawa, Yoshifumi (JP); Bronnenberg, Wim (NL). Data driven interaction for networked control of a DDI target device over a home entertainment network.
Cromer, Daryl Carvis; Dayan, Richard Alan; Locker, Howard; Steinmetz, Michael; Ward, James Peter. Data processing system and method for determining a physical location of a client computer system coupled to a server via a physical network.
Koshima, Hiroaki (JP); Muya, Kimio (JP); Kumamoto, Katsuhiko (JP). Location system and method for identifying position of mobile terminal that can communicate based on repeater in radio zone, and mobile terminal that can communicate based on repeater in radio zone.
Bhagwat, Pravin; Chaskar, Hemant; King, David C.; Rawat, Jai. Method and system for monitoring a selected region of an airspace associated with local area networks of computing devices.
Larsson, Erik (SE); Kangas, Ari (SE); Fischer, Sven (DE). Selection of location measurement units for determining the position of a mobile communication station.
McDonald, Keith D. Signal structure and processing technique for providing highly precise position, velocity, time and attitude information with particular application to navigation satellite systems including GPS.
Saha, Bikash; Kingdon, Christopher; Zadeh, Bagher; Hussain, Tahir. System and method for time of arrival positioning measurements based upon network characteristics.
Sugiura, Masataka (JP); Ishibashi, Hiroyoshi (JP); Kanaya, Etsumi (JP); Kubo, Toru (JP); Yamaguchi, Kazuaki (JP); Oka, Natsuki (JP). Wireless communication system and method and system for detection of position of radio mobile station.
Sugiura, Masataka (JP); Ishibashi, Hiroyoshi (JP); Kanaya, Etsumi (JP); Kubo, Toru (JP); Yamaguchi, Kazuaki (JP); Oka, Natsuki (JP). Wireless communication system and method and system for detection of position of radio mobile station.
Sugiura, Masataka (JP); Ishibashi, Hiroyoshi (JP); Kanaya, Etsumi (JP); Kubo, Toru (JP); Yamaguchi, Kazuaki (JP); Oka, Natsuki (JP). Wireless communication system and method and system for detection of position of radio mobile station.
Sugiura, Masataka (JP); Ishibashi, Hiroyoshi (JP); Kanaya, Etsumi (JP); Kubo, Toru (JP); Yamaguchi, Kazuaki (JP); Oka, Natsuki (JP). Wireless communication system and method and system for detection of position of radio mobile station.
Bhagwat, Pravin; Gogate, Shantanu; King, David C. Automated method and system for monitoring local area computer networks for unauthorized wireless access.
Ptasinski, Henry; Carter, Edward; Thawani, Manoj; Deb, Manas; Vadasz, Jeff; Iyer, Mahesh. Method and system for exchanging setup configuration protocol information in beacon frames in a WLAN.
Ketchum, John W.; Nagaraj, Srinath; Bhatia, Ashok; Katzfey, Eric J.; Daita, Lalitaprasad V.; Baruah, Sekharjyoti. Method and system for femto cell self-timing and self-locating.
Sheinfeld, Gil; Ballantyne, Andrew. Method and system for providing connectivity outage detection for MPLS core networks based on service level agreement.
Roy, Vincent; Marinier, Paul; Rudolf, Marian; La Sita, Frank; Cave, Christopher; Touag, Athmane; Cuffaro, Angelo. Neighbor scanning in wireless local area networks.