Abstract:
A method to determine if a rogue device is connected to a specific wired network from Dynamic Host Configuration Protocol (DHCP) requests on the wired network. These DHCP requests are analyzed to determine the type of device issuing the request. Once the type of device has been determined, it can be checked against a list of authorized device types. If the device issuing the DHCP request is not an authorized device type, then it can be determined that the suspect device is a rogue that is connected to the specific wired network. Additionally, even if the system of the present invention determines that it is an authorized device type, if the device is not one of the few authorized devices of this type, e.g. because its MAC address is not recognized as that of one of the authorized devices, the system can flag the suspect as a rogue.
Abstract:
A method of detecting rogue devices that are coupled to a wired network without generating false negative or false positive alerts is provided. When a wireless monitor detects an observed SSID and/or BSSID, various tests are run to determine whether the observed device is actually coupled to the wired network. To guard against the suspect device spoofing an authorized SSID and/or BSSID, location information is gathered so that the network administrator can pinpoint the location of the rogue device. If the device is not recognized, various other tests are run to determine whether the unrecognized device is actually connected to the wired network. These tests include an association test, a MAC address test, an ARP test, a packet replay test, a correlation test, and/or a DHCP fingerprint test. Once it is determined that the suspect device is a rogue connected to the wired network, an appropriate alert is generated.
Abstract:
A framework for wireless network management applications in an enterprise environment using existing general purpose computing devices is presented. At least one of the devices is configured with a wireless adapter and is used as an AirMonitor to monitor one or more wireless networks. Other devices are configured as LandMonitors to monitor traffic on a wired network in the enterprise environment. At least one inference engine uses the LandMonitors and AirMonitors by assigning them monitoring tasks. Data from the monitoring tasks are stored in a database. Analysis of the data that is computationally intensive is generally performed by the inference engines. Wireless network management applications use the framework by installing and running application-specific components (e.g., filters) on the AirMonitors, LandMonitors, and/or inference engines.
Abstract:
Wireless adapters are installed on one or more general purpose computing devices and are connected via a wireless network in an enterprise environment. The adapters are densely deployed at known locations throughout the environment and are configured as air monitors. The air monitors monitor wireless signals transmitted between transceiver devices and access points and record information about these signals. One or more analysis or inference engines may be deployed to analyze the signals received from the air monitors to obtain optimum performance and connectivity information about the wireless network.
Abstract:
Wireless adapters are installed on one or more general purpose computing devices and are connected via a network in an enterprise environment. The adapters are densely deployed at known locations throughout the environment and are configured as air monitors. The air monitors monitor signals transmitted by one or more transceiver devices and record information about these signals. One or more analysis or inference engines may be deployed to obtain the recorded signal information and the air monitor locations to determine a location of the one or more wireless transceiver devices deployed in the environment.
Abstract:
Techniques for enhancing the throughput capacity available to client devices connected to a wireless local area network (WLAN) are described. Specifically, existing WLAN resources are converted into wireless access points (APs) to create a dense infrastructure of wireless APs. To leverage this dense AP infrastructure, central management techniques are employed. With client-to-AP mapping, these techniques are used to prevent the discovery of multiple APs in a WLAN by a client device and to select a single AP (using certain policies) to associate with the client device and provide it with an enhanced wireless connection to the WLAN. Additionally, techniques are employed to centrally determine, using central policies, when the AP should disassociate from the client device and when another centrally selected AP should respond to, and associate with, the client device to provide it with an enhanced wireless connection to the WLAN—without interrupting/disrupting the client device's access.