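IPC classification information
Country / Type | United States (US) Patent, Registered
International Patent Classification (IPC 7th edition) |
Application number | US-0500392 (2009-07-09)
Registration number | US-8218449 (2012-07-10)
Inventor / Address |
Applicant / Address |
Citation information | Times cited: 20; Cited patents: 319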
Abstract
In some embodiments, a method includes combining operations of a wireless access point with operations of a remote probe. An access point links a wireless client to a wireless switch. A remote probe captures wireless packets, appends radio information, and forwards packets to a remote observer for analysis. In an embodiment, the observer may provide a protocol-level debug. A system according to the technique can, for example, accomplish concurrent in-depth packet analysis of one or more interfaces on a wireless switch. The system can also, for example, augment embedded security functions by forwarding selected packets to a remote Intrusion Detection System (IDS). In an embodiment, filters on the probes may reduce overhead.
Representative claim
1. A system comprising: an intrusion detection system configured to be coupled to a network having a first wireless area and a second wireless area; the intrusion detection system configured to receive a copy of a first packet meeting a specified criteria, the intrusion detection system configured to receive the copy of the first packet from a first snoop filter of a first access point included in the first wireless access area and monitoring traffic between the first access point and a mobile device having an identity; the intrusion detection system configured to receive a copy of a second packet meeting the specified criteria when the mobile device moves from the first wireless access area to the second wireless access area, the intrusion detection system configured to receive the copy of the second packet from a second snoop filter of a second access point included in the second access area and monitoring traffic between the second access point and the mobile device having an identity corresponding to the identity of the mobile device when the first snoop filter monitors traffic between the first access point and the mobile device.

2. The system of claim 1 wherein the intrusion detection system is configured to be coupled to the network providing a Layer 2 path for Layer 3 traffic.

3. The system of claim 1, wherein the identity includes a Layer 3 attribute.

4. A method comprising: receiving a copy of a first packet meeting a specified criteria, the copy of the first packet being received from a mobile device via a first filter of a first wireless access area, the mobile device having an associated IP address; analyzing the copy of the first packet to determine whether the mobile device is a threat; receiving a copy of a second packet meeting the specified criteria when the mobile device moves from the first wireless access area to a second wireless access area, the copy of the second packet being received from the mobile device via a second filter of the second access area, the mobile device having the associated IP address; and analyzing the copy of the second packet to determine whether the mobile device is a threat.

5. The method of claim 4, wherein the copy of the first packet is encapsulated with TZSP prior to receiving the copy of the first packet.

6. The method of claim 4, wherein the copy of the first packet is decrypted so that a header associated with the packet is readable even if the header indicates encrypted data.

7. The method of claim 4, further comprising decoding encrypted data and reporting accurate signal strength measurements.

8. An apparatus, comprising: an access point configured to pass wireless traffic to a network portion; the access point including a filter; the access point configured to capture a packet from the wireless traffic if the packet matches a specified criteria associated with the filter; the access point configured to send a copy of the packet, via the network portion, to an intrusion detection system for analyzing the copy of the packet.

9. The system of claim 8, wherein the intrusion detection system is remote with respect to the access point.

10. The system of claim 8, wherein the access point is configured to append radio information to the copy of the packet.

11. The system of claim 8, wherein the access point is a first access point, the system further comprising a second access point, the first access point to the second access point collectively configured to pass a mobile device with subnet mobility.

12. The system of claim 8, wherein the access point is configured to be coupled to the instruction detection system disposed in a workstation.

13. The system of claim 8, wherein the access point includes at least one radio interface configured to receive the wireless traffic.

14. The system of claim 8, wherein the access point includes a radio interface mapped to the filter.

15. The system of claim 8, wherein the access point is configured to decrypt the packet such that the payload is readable even if a header indicates encrypted data.

16. The system of claim 8, wherein the access point includes a radio interface configured to pass the wireless traffic, the access point includes a monitor configured to capture the packet.

17. The system of claim 8, wherein the access point includes a persistent monitor.

18. The system of claim 8, wherein the filter includes at least one parameter of Basic Service Set Identifier (BSSID), a channel identifier, a media access control (mac) address, and a frame-type.

19. The system of claim 8, wherein the filter is non-persistently enabled/disabled.

20. The system of claim 8, wherein the packet is an 802.11 packet.