CA2529411C - A method, apparatus, and software product for detecting rogue access points in a wireless network - Google Patents

A method, apparatus, and software product for detecting rogue access points in a wireless network Download PDF

Info

Publication number
CA2529411C
CA2529411C CA002529411A CA2529411A CA2529411C CA 2529411 C CA2529411 C CA 2529411C CA 002529411 A CA002529411 A CA 002529411A CA 2529411 A CA2529411 A CA 2529411A CA 2529411 C CA2529411 C CA 2529411C
Authority
CA
Canada
Prior art keywords
managed
information
beacon
request
potential rogue
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CA002529411A
Other languages
French (fr)
Other versions
CA2529411A1 (en
Inventor
Timothy S. Olson
Daryl A. Kaiser
Pejman D. Roshan
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cisco Technology Inc
Original Assignee
Cisco Technology Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cisco Technology Inc filed Critical Cisco Technology Inc
Publication of CA2529411A1 publication Critical patent/CA2529411A1/en
Application granted granted Critical
Publication of CA2529411C publication Critical patent/CA2529411C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122Counter-measures against attacks; Protection against rogue devices

Abstract

A method, an apparatus, and a software program to implement a method to detect a rogue access point of a wireless network. The method includes maintaining an AP database that includes information about managed access point (APs) and friendly APs, including the MAC address of each managed AP. The method further includes sending a scan request to one or more managed APs, including one or more of a request for the receiving managed AP to scan for beacons and probe responses and a request for the receiving managed AP to request its clients to' scan for beacons and probe responses. The method further includes receiving reports from at least one of the receiving managed APs, a report including information on any beacon or probe response received that was sent by an AP. For each beacon or probe response on which information is received, the method analyzes the information received in the report about the AP that sent the beacon or probe response, the analyzing including ascertaining if the MAC address of the AP that sent the beacon or probe response matches a MAC
address of an AP in the AP database to ascertain whether or not the AP is a potential rogue AP or a managed or friendly AP.

Description

Replacement Pages 1, 3, 19, 23, 26 Application No. 2,529,411 A METHOD, APPARATUS, AND SOFTWARE PRODUCT FOR
DETECTING ROGUE ACCESS POINTS IN A WIRELESS
NETWORK
[0001] This invention is related to issued U.S. Patent No. 6,990,428 titled "RADIOLOCATION USING A PATH LOSS DATA" to inventors Kaiser, et al., Docket/Reference No. CISCO-7391, assigned to the assignee of the present invention.
BACKGROUND
[0002] The present invention is related to wireless networks, and in particular to network security and detecting rogue access points in an infrastructure wireless network.
[0003] Use of wireless networks such as wireless local area networks (WLANs) is becoming widespread. Furthermore, network security is becoming more and more important. Wireless networks present important network security concerns. One such concern is detecting rogue wireless stations.
[0004] A WLAN may be ad hoc, in that any station may communicate directly with any other station, or have an infrastructure in which a station can only communicate with another station via an access point (AP). The access point is typically coupled to other networks that may be wired or wireless, e.g., to the Internet or to an intranet. That wider network is called the "wired" network herein, and it is to be understood that this wired network may be an internetwork that include other wireless networks.
[0005] One aspect of the present invention addresses detecting rogue APs. We are mostly concerned with two types of rogue APs:

[0007] = An AR that is connected to a wired network of interest, e. g., to an otherwise secure LAN without authorization, and that thus may present a security hole for the secure network.

[0008] = An AP that is not connected to the wired network of interest but is in the radio environment of a wireless network (WLAN) of interest. Such an AP, by accepting associations may interfere with the WLAN of interest, e.g., by hampering potential client stations ("clients") from accessing their wireless network.

[0009] A rogue AP may be a malicious or non-malicious rogue AP. A non-malicious AP, for example, is the AP of a user who sets up such an AP for personal use either connected to the wired network of interest not in the wireless network of interest, without intentionally thwarting detection. Such a user is likely to use out-of-the-box default configuration. Therefore, when used in the radio environment of a WLAN of interest, the SSID of such a non-malicious AP typically will not match the SSID of the WLAN
of interest.

[0010] A inalicious rogue AP is one set up by a user in order to gain access to a wired network of interest, e.g., a secure LAN. Such a malicious AP may spoof the MAC
address of a legitimate AP. Such a malicious AP may further set parameters such as the power, channel, and SSID again to spoof those of a legitimate AP in order to minimize the likelihood of being detected.

[0011] WLANs suffer several potential problems because of rogue access points.
A rogue access point when connected to a secure network may cause the network to become insecure if proper security measures have not been enabled on the access point. In a well-designed WLAN the access points typically have been and configured to provide a certain level of coverage and capacity. Rogue access points can cause degradation to such planned coverage and capacity by causing contention with a legitimate access point, by causing collisions with a legitimate access point, and even by possibly causing denial of service for a legitimate client station.

[0012] There therefore is a need in the art for methods of detecting rogue APs.

[0013] Prior art methods for detecting rogue access points include having clients report failed authentication attempts on other APs, or detecting failed authentication attempts by Replacement Pages 1, 3, 19, 23, 26 Application No. 2,529,411 3 the APs themselves. For example, an authentication tattletale method is known for reporting rogue access points. See U.S. Patent No. 7,181,530 titled "ROGUE AP
DETECTION" to Halasz, et al., filed 27-Jul-200 1, assigned to the assignee of the present invention. Such a prior-art method typically includes configuring a station with the appropriate identifier of the WLAN -a service set identifier (SSID)-to make an authentication attempt. Only rogues that are in the proper location to the clients i.e., in radio contact for an attempt at authentication can be detected. This can result in a delayed detection or no detection at all.

[0013] Other prior art methods include using some type of sniffer device that can be carried in the WLAN coverage area. An operator periodically walks the WLAN
coverage with the sniffer device making measurements to search for rogue APs. See, for example, "AiroPeek and Wireless Security: Identifying and Locating Rogue Access Points"
from WildPackets, Inc., Walnut Creek, CA (version dated Sep. 11, 2002).

[0014] Also known is a sniffer technique that uses APs as sniffers. See, for example, the document "AirWave Rogue Access Point Detection," from AirWave Wireless, Inc., San Mateo, California (www.airwave.com). Such APs are managed from a central location by a management entity. Most of the time, such a managed AP acts as regular access point.
When a rogue scan is being conducted, a management entity issues a command, e.g., an SNMP command to the managed AP, converting it into a wireless sniffer. The managed AP scans the airwaves within its coverage radius, looking for traffic on all channels. The AP then reports all data back to the management entity as a trace, and then returns to normal operation mode. The management entity analyzes the traces from managed APs and sentry devices, comparing the detected APs to its database of authentic, managed APs. Such a method, however requires the AP to cease normal operation.

[0015] Prior art techniques are known for detecting rogue APs that require having a connection, e.g., a wired connection to the rogue AP. However, because a rogue AP may be a device installed at a neighboring location, detection methods that require a wired connection may not always succeed.

[0016] Thus there is a need for a detection method that does not necessarily require a client to be in the area and that does not need special client configuration and that does not need an AP to stop its normal operation.

SUMMARY

[0018] Disclosed herein are a method, apparatus, and software product for detecting rogue access points. The proposed method can automatically detect rogue APs very quickly and possibly provide a broad location indication.

[0019] In one embodiment, the method includes maintaining an AP database that includes information about managed access points (APs) and friendly APs, defined to be known APs that are in the neighborhood of the managed network or that are known to clients of managed APs, i.e., to managed clients, and that are known to not cause problems, e.g.
interference, to the managed wireless network. The method further includes sending a . . .
scan request to one or more managed APs, including one or more of a request for the receiving managed AP to scan for beacons and probe responses and a request for the receiving managed AP to request its clients to scan for beacons and probe responses. The method filrther includes receiving reports from at least one of the receiving managed APs, a report including information on any beacon or probe response received that was sent by an AP. For each beacon or probe response on which information is received, the method analyzes the information received in the report about the AP that sent the beacon or probe response, the analyzing including ascertaining if the MAC address of the AP
that sent the beacon or probe response matches a MAC address of an AP in the AP database to ascertain whether or not the AP is a potential rogue AP or a managed or friendly AP.
[0020] In another embodiment, a method implemented in an access point of a wireless network is described. The method includes receiving a scan request at the AP
to scan for beacons and probe responses, the request received from a WLAN manager managing a set of managed APs and client stations of the managed APs. The WLAN's managing includes maintaining an AP database that contains information about managed APs and friendly APs of the wireless networlc. The method of the AP includes one or both of listening for beacons and probe responses at the AP itself or sending a client request to one or more client stations associated with the AP to listen for beacons and probe responses. In the case that a client request was sent, the method includes receiving a client report from at least one of the client stations to which the client request was sent, the client report including information on any beacon or probe response received from a potential rogue AP. The method further includes sending a scan report to the WLAN manager including information on any beacon or probe response received from a potential rogue AP
by the AP receiving the scan request or, in the case that a client request was sent, by any client stations from which a report was received. The information includes the MAC
address of the potential rogue AP.

[0021] For each beacon or probe response on which information is received at the WLAN
manager, the WLAN manager may analyze the information received in the report about the potential rogue AP that sent the beacon or probe response, including ascertaining whether the MAC address of the potential rogue AP matches a MAC address of an AP in the AP database, leads to ascertaining whether or not the potential AP is likely to be a rogue AP.

BRIEF DESCRIPTION OF THE DRAWINGS

[0022] FIG. 1 shows a simple network that includes a WLAN manager on which one embodiment of the invention is implemented.

[0023] FIG. 2 shows the managed network of FIG. 1 with several rogue APs present, and illustrates the type of rogue APs that may be detected using embodiments of the invention.

[0024] FIG. 3 shows one embodiment of a wireless station 300 that may be an AP
or a client station and that implements one or more aspects of the invention.

[0025] FIG. 4 shows a flow chart that includes in detail of the steps setting up, requesting, and receiving reports of the scans according to an embodiment of the invention.

[0026] FIG. 5 is a flow chart that describes the case of a Measurement Request Message including a request to schedule a managed AP to instruct one or more clients to perform scanning and report the results, according to an embodiment of the invention.

[0027] FIG. 6 shows the messaging and tasking at each entity of a simple example network.

[0028] FIG. 7 shows a flow chart of one embodiment of a method of detecting rogue access points.

DETAILED DESCRIPTION

[0029] Described herein is a method for detecting rogue access points, including malicious and non-malicious access points. The invention will be described in the context
6 of the IEEE 802.11 standard for WLANs. The invention, however, is not restricted to WLANs that conform to the IEEE 802.11 standard.

The Managed Wireless Network [0030] One embodiment of the invention operates in a managed wireless network in which the APs and their clients are managed by a central management entity.
Depending on the size and complexity, a managed network is either a set of APs with a central control entity, or a hierarchical structure with a set of hierarchical control domains. Each control domain is managed by a management entity we call a manager herein. The number of levels in the hierarchy depends on the complexity and/or size of the network, and thus not all managed networks have all levels of control. For example, a simple managed network may only have one level of control with a single management entity controlling all the APs. Factors that influenced the selection of control domains include one or more of: the various types of IP subnet configurations; the radio proximity of the access points; the client station roaming patterns; the real time roaming requirements; and the physical constraints of the network (e.g. campus, building, and so forth.).

[0031] For example, one set of hierarchical domains includes a WLAN Campus Control Domain that is a region of integrated control over radio, mobility, QoS, and security aspects of a WLAN. Generally, a Campus Control Domain spans an enterprise campus that resides in a particular geographic location. Note that it is possible to have a higher-level network control entity join multiple Campus Control Domains together. As a WLAN expands it can grow large enough that a single control entity is unable to handle the intelligent control for all the APs in the campus. In such a case, the WLAN Campus Control Domain may be segmented into WLAN Local Control Domains, each providing a subset of the functionality that is seen in the WLAN Campus Control Domain.
A
WLAN Local Control Domain, for example, may span a single building.

[0032] A WLAN Local Control Domain may contain one or more Subnet Control Domains. The Subnet Control Domain contains all the APs within a single IP
subnet or native virtual LAN (VLAN). Note that if no WLAN Local Control Domains exist, then the Subnet Control Domains would only be contained within the WLAN Campus Control Domain.
7 [0033] The domains are managed by one or more management entities we call managers.
Because of the hierarchical nature of the control domains, the associated managers are also naturally connected in a hierarchical manner. Thus, in the example above, a controller we call the Campus Context Manager, also called the WLAN Manager is the highest point of context control in the hierarchy. The WLAN Manager manages several aspects of the wireless network, e.g., security, and in one embodiment, authorizes a set of access points in the network-we call these the managed access poiftts-including maintaining an AP database that includes the managed APs, e.g., a list of the managed APs together with some data related to these APs. The AP database also includes information about other APs the WLAN manager knows about. The WLAN Manager also managed the rogue AP detection aspects of the present invention. A single WLAN
Manager is typically deployed to handle all the wireless clients within the enterprise campus.

[0034] If a given WLAN is segmented into multiple Local Control Domains, managers we call the Local Coittext Managers provide the next point of context control in the WLAN hierarchy, just below the WLAN Manager. A Local Context Manager manages client context information within each of these Local Control Domains and provides nearly all the same functionality as a WLAN Manager.

[0035] Within the WLAN Local Control Domain there are various control managers that handle different aspects of the WLAN such as QoS, client context transfer and radio management. The present invention is concerned with radio management.

[0036] If no Local Control Domains exist, then the other control managers would essentially operate at the same level as the WLAN Manager.

[0037] A controller we call the Subnet Context Maitager provides the lowest level of context control within the WLAN hierarchy. One Subnet Context Manager is used within each subnet (or native VLAN) to coordinate client context transfer for roaming. The Subnet Context Manager manages client context transfer within the subnet. In one embodiment, Mobile IP is supported without requiring any modification to clients.
Working in conjunction with the APs, the Subnet Context Manager provides proxy-Mobile IP services, and transparently handles all Mobile IP signaling requirements on behalf of all clients within the subnet.

g [0038] A controller we call the Radio Manager provides intelligent centralized control of various aspects of'the radio environmerit within a giveri set of APs. A single Radio Manager handles the radio aspects of all the APs within a given WLAN Local Control Domain or the WLAN Campus Control Domain if no local control domains exist.
The Radio Manager provides the ability to determine network wide radio parameters during initial network deployment and network expansion. The Radio Manager centrally coordinates all client and AP measurements, e.g., in order to detect rogue access points.
[0039] Aspects of the invention are implemented on the Radio Manager and use the measurements made under control or direction of the Radio Manager. However, the invention does not require there to be a separate Radio Manager entity. The functionality of the Radio Manager may be incorporated into any of the other entities, e.g., the Local Context Manager or WLAN Manager when there are no Local Control Domains.
Furthermore, these entities may be combined with other functionalities, e.g., switching, routing, etc.

[0040] Other management entities may be included at the Local Control Domain or Campus Control Domain if there are no Local Control Domains, such as network management to provide standard device network management functionality for any of the Subnet Context Managers, Quality of Service (QoS) management, and so forth.

[0041] When a WLAN is managed, one or more aspects of the invention (and of WLAN
management in general) use information that is stored in a persistent database we call the Confzguration Database. The Configuration Database is the repository that all the Subnet Context Managers may use to save any persistent data. In one configuration, a single Configuration Database exists within the WLAN Campus Control Domain. The Configuration Database either coexists with the Campus Context Manager or an external database may be used. The Coyifiguration Database also includes the AP
database that includes information about the managed APs and other APs the WLAN manager is aware of.

[0042] The invention is explained herein with reference to a simple network shown in FIG. 1. The network is not divided into Local Control Domains. All managers are assumed incoiporated into a single management entity-a WLAN Manager 103-that has access to the Configuration Database. It is to be understood that the WLAN
Manager incorporates the functions of the Radio Manager. In one embodiment, the WLAN
substantially conforms to the IEEE 802.11 standard. By substantially conforming we mean compatible with. Some aspects of the IEEE 802.11 standard are modified slightly to accommodate some management aspects used in the invention. Furthermore, stations of the network measure the received signal strength relatively accurately.

[0043] In one embodiment, each of the wireless network management entities described above is implemented as software running under a network operating system such as IOS
(Cisco Systems, Inc., San Jose California) on a processing system that includes one or more processors and that also carries out other network functions. Thus, the WLAN
Manager, including aspects of the invention, may be implemented on a network switch or on a router. Similarly, the Subnet Context Manager may be iznplemented on a network switch or on a router.

[0044] In FIG. 1, the WLAN manager 103 is shown including a processing system that includes one or more processors and a memory 121. The memory 121 includes instructions that cause one or more processors of the processing system 123 to implement the aspects of the present invention that are implemented in the WLAN Manager.
The WLAN manager includes a network interface 125 for coupling to a network, typically wired. In one embodiment, the WLAN manager 103 is part of a network switch.

[0045] The WLAN Manager 103 is coupled via its network interface 125 and a network (typically a wired network) to a set of Subnet Context Managers. One such Subnet Context Manager is shown as element 105 in FIG. 1. All managed APs in a subnet register with a Subnet Context Manager. For example, in FIG. 1, the APs named AP1 and AP2 (107 and 109, respectively) each are part of the same subnet and have a network connection to Subnet Context Manager 105. Any management communication between the WLAN Manager 103 and APs 107 and 109 is then via the Subnet Context Manager 105.

[0046] A client station associates with an AP. Thus, in FIG. 1, APs 107 and 109 each are shown with associated clients 113, 115, and 117, 119, respectively. By a aanaged client we mean a client that associates with a managed AP. A fnanaged wireless station is thus either a managed AP or a managed client. Thus, clients 113, 115, 117, and 119 are managed clients.

[0047] FIG. 2 shows the managed network of FIG. 1 with several rogue APs present, and illustrates the type of rogue APs that may be detected using embodiments of the invention. The managed APs 107 and 109 have approximate limits of their respective radio ranges shown by dotted lines 217 and 219, respectively. By way of example, a malicious AP is shown as AP3 203 having a limit of radio range 223. Two non-malicious rogues are shown as AP4 and AP6 with reference numerals 205 and 209, respectively, and approximate limits of radio range 225 and 229, respectively. Another non-managed AP is shown as AP5 207 having an approximate limit of radio range shown as 227. In this example, suppose AP5 is at a cafe frequented by a managed client of managed AP
107.
Thus, the rogue AP3 203 is in radio range with client 119 of managed AP2 109.
Similarly, ,., , , ., . .
the rogue AP4 203 is in radio range with client 115 of managed AP1 107. The rogue AP6 209 is in range of the managed AP 1 107. The managed client 113 is in radio range of AP5 while not in radio range of its normal managed AP 107, and later returns to the radio range of its managed AP 107.
Radio Measurement [0048] A wireless network uses management frames at the MAC layer designed, sent, and received for management purposes. For example, in a WLAN that conforms to the IEEE
802.11 standard, an AP regularly transmits beacon frames that announce the AP's presence, i.e., advertises the AP's services to potential clients so that a client may associate with the AP. Similarly, a client can send a probe request frame requesting any AP in its radio range to respond with a probe response frame that, in a similar manner to a beacon fraine, provides information for the requesting client (and any other radios in its radio range and able to receive its channel) sufficient for a client to decide whether or not to associate with the AP.

[0049] Aspects of the invention use data from and/or about beacons and probe responses received at APs and/or client stations. The obtaining and receiving of such data is managed by the WLAN Manager 103.

[0050] By passive scanning, we mean listening for beacons and probe responses without first transmitting a probe request. Thus, for an AP, passive scanning is the listening for and recording of information from beacons and probe responses from other APs that are transmitting such beacons and probe responses. For a client, passive scanning is the listening for and recording of information from beacons and probe responses from APs other than the clients AP that are transmitting such-beacons and probe responses.

[0051] The use of passive scanning is an important aspect of the invention because it provides for rogue detection concurrent with normal processing at the station, e.g., at the AP.

[0052] By active scanning, we mean transmitting a probe request prior to listening for beacons and probe responses. Both active and passive scanning can occur on the same channel used for wireless cominunication (the "serving" channel) or other channels ("non-serving" channels). For non-serving channels typically an active scan is used.
One method we call incremental active scanning wherein the station probes another channel. Another we callfull active scanning wherein the serving channel is vacated to probe all channels.
Most wireless network interface devices support a mode usually called monitor mode wherein traffic on all channels is recorded, and this can be used for full active scanning.

[0053] FIG. 3 shows one embodiment of a wireless station 300 that may be an AP
or a client station and that implements one or more aspects of the invention. While a wireless station such as station 300 is generally prior art, a wireless station that includes aspects of the present invention, e.g., in the form of software, is not necessarily prior art. The radio part 301 includes one or more antennas 303 that are coupled to a radio transceiver 305 including an analog RF part and a digital modem. The radio part thus implements the physical layer (the PHY). The digital modem of PHY 301 is coupled to a MAC
processor 307 that implements the MAC processing of the station. The MAC processor 307 is connected via one or more busses, shown symbolically as a single bus subsystem 311, to a host processor 313. The host processor includes a memory subsystem, e.g., RAM
and/or ROM connected to the host bus, shown here as part of bus subsystem 311.
Station 300 includes an interface 321 to a wired network.

[0054] In one einbodiment, the MAC processing, e.g., the IEEE 802.11 MAC
protocol is implemented totally at the MAC processor 307. The Processor 307 includes a memory that stores the instructions for the MAC processor 307 to implement the MAC
processing, and in one embodiment, some or all of the additional processing used by the present invention. The memory is typically but not necessarily a ROM and the software is typically in the form of firmware.

[0055] The MAC processor is controlled by the host processor 313:,In one embodiment, some of the MAC processing is implemented at the MAC processor 307, and some is implemented at the host. In such a case, the instructions for the host'313 to implement the host-implemented MAC processing are stored in the memory 315. In one embodiment, some or all of the additional processing used by the present invention is also implemented by the host. These instructions are shown as part 317 of memory.

[0056] According to one aspect of the invention, each station such as station maintains a database of the beacons and probe responses it receives. Beacons and probe responses are stored in the database under one or more circumstances, e.g., when the station determines whether or not to associate with an AP. In the context of aspects of the present invention, beacons and probe responses received at the station are stored in the database as a result of an active scan or a passive scan. We call this database the Beacon Table. As shown in FIG. 3, in one embodiment, the Beacon Table 319 is in the memory 315 of the station. Other embodiments store the Beacon Table 319 outside of memory 315. A station stores the information in the beacons and probe responses in its Beacon Table 319, and further stores additional information about the state of the station when it receives the beacon.

[0057] According to an aspect of the invention, a station such as station 300 when implementing an AP is capable of passi,ve scanning. According to yet another aspect of the invention, a station such as station 300 when implementing a client station is capable of passive scanning.

[0058] Because the station stores beacons and probe responses it has received in its Beacon Table, one form of passive scanning includes simply reporting the accumulated contents of the station's Beacon Table. Note that an alternate embodiment may alternately include the station's listening for a specified period of time and reporting the incremental Beacon Table information for the specified period of time.

[0059] According to yet another aspect, a station such as station 300 when implementing an AP is capable of active scanning, in particular incremental active scanning. To carry out an incremental active scan, the AP vacates its serving channel and probes one or more channels by sending a probe request frame on that/those channel(s). The AP
prevents client transmissions by scheduling a contention- free period (CFP).
Alternatively the AP

can prevent client transmissions by transmitting an unsolicited CTS with a duration long enough to cover the active scan time. According to yet another aspect, station 300 when implementing a client is capable of active scanning, in particular incremental active scanning. To carry out an incremental active scan, the client station vacates its serving channel and probes one or more channels by sending a probe request frame on that/those channel(s). In the case of a client, the active scan includes reporting back the results of probing the other channel(s). In order to prevent client transmissions from the serving AP
the client must indicate that it is in a power save mode. Alternatively the client can use specific local knowledge such as application operation to assure that the AP
will not send any transmissions directed at the client.

[0060] Scanning includes storing the information from beacons and probe responses received at the station, e.g., by passive or active scanning in the Beacon Table.
Radio Management Tasks and Communication Protocols [0061] Aspects of the invention use radio measurement in managed APs and their clients, in particular as a result of passive and/or active scanning for beacons and probe responses.
One embodiment uses a modified MAC protocol that adds transmission power control (TPC) and dynamic frequency selection (DFS). This may be a modification of the IEEE 802.11h standard. TPC limits the transmitted power to the minimum needed to reach the furthest user. DFS selects the radio channel at an AP to minimize interference with other systems, e.g., radar. Thus the IEEE 802.11h proposal provides for power control, channel scan, and frequency selection. However, the inventors have found that 802.11's measurements decrease throughout. The IEEE 802.11h architecture (as of June 2003) uses a one-to-one request/response mechanism that may be inefficient.

[0062] Another embodiment, described in more detail herein, uses a protocol that differs from the presently proposed 802.11 protocol by providing for tasking at the AP
and, in turn, at a client to autonomously carry out passive and/or active scanning for beacons and probe responses according to a schedule.

[0063] In one embodiment, the information reported includes, for each detected AP
information about the detection, and information about or obtained from contents of the beacon/probe response. The detection information includes one or more of:

[0064] 0 The detected AP's BSSID, e.g., in the form of a MAC address.

[0065] = The channel the AP's probe response was received on.

[0066] = The MAC address of the" receiving station.

[0067] = The RSSI detected at the PHY of the receiver of the beacon/probe response.

[0068] = Any other measures of received signal quality of the received beacon/probe response available at the PHY of the receiving station.

[0069] = Other received beacons. This may help locate the detecting station.
[0070] The beacon/probe response information sent includes one or more of:
(0071] = The SSID in the beacon or probe response.

[0072] = Beacon time (TSF timer) information. In one embodiment, this is sent in the form of TSF offset determined by comparing the timestamp in the beacon/.pxobe response with the TSF timer at the managed AP receiving the response or at the managed client receiving the response.

[0073] = Configuration parameters included in the received beacon/probe response.
[0074] Note that some of this information is beyond what is presently (June 2003) proposed for IEEE 802.11h. Further note that while the IEEE 802.11 standard specifies that a relative RSSI value be determined at the physical level (the PHY), one aspect of the invention uses the fact that many modern radios include a PHY that provides relatively accurate absolute RSSI measurements. Thus, the reports include the RSSI
detected at the PHY of the receiver of the received beacon/probe response. In one embodiment, RSSIs detected at the PHYs are used to determine location information from path loss.

[0075] One embodiment uses a protocol we call the WLAN Manager to AP
Measurement Protocol to set up the passive and/or active scanning and communicate reports thereof. According to this protocol, the WLAN-Manager can send a message we call a Measurenaent Request Message to, and receives report messages we call Measurement Report Messages from one or more managed APs, either directly, or via one or more Subnet Context Managers. The messages are encapsulated in IP
packets, e.g., in Ethernet frames or UDP/TCUIP packets. In one embodiment, Ethernet is used between t a Subnet Context Manager and an AP, while IP encapsulation is used for inter-subnet messages.

[0076] In the case that the Measurement Request Message is to a Subnet Context Manager, the Measurement Request Message includes a measurement request routing list where one or more APs may reside and the request message for such APs. A
Subset Context Manager receiving a Measurement Request Message forwards the request message to each AP in the routing list in the form of individual Measurement Request Messages for each destination AP. Each Measurement Request Mes`sage to an AP
includes a specification of what actions are to be taken, how, and when, and applies to the AP and in one embodiment, to one or more of the AP's clients. According to the Measurement Request Message, the AP schedules its own measurements. In one einbodiment, the WLAN Manager-to-AP Measurement Protocol provides for requesting a stream of measurements of specified duration and recurring as a specified periodic rate.
The WLAN Manager may request measurements to be performed serially or in parallel.

[0077] The AP receiving the Measurement Request Message schedules the actual measurements. In one embodiment, the AP receiving a Measurement Request Message responds with a message we call a Measurement Request Acknowledgment Message, while in another embodiment, no acknowledgement is used.

[0078] In the case that the Measurement Request Message includes a schedule for one or more clients, the AP translates the Measurement Request Message into a measurement request for each client. In one einbodiment, the measurement communication between the APs and clients uses MAC frames that conform to a modification of the IEEE
802.11 standard MAC protocol we call the AP-to-client Measurefnent MAC Protocol herein.

[0079] An AP receiving a Measurement Request Message periodically sends a report message we call a Measurenzent Report Message herein that includes reports from each station performing a measurement. The report part for each station includes the type of station performing the measurement (AP, client, and so forth), the MAC of the measuring station, and the actual measurement data. In this invention, we are concerned with reports of beacons and probe responses received at a station, and such a report in one embodiment includes the received signal strength (RSSI), e.g., in dBm, the channel, the measurement duration, the BSSID,,'Z'SF information,in the beaconlprobe response, .and of the station receiving the beacon/probe response, the beacon interval, the capability contained in the beacon, and one or more other items of information.

[0080] The Measurement Report Messages are sent directly to the WLAN manager if no Subnet Context Managers are involved. In the case a context manager is in the path to the WLAN manager, the Subnet Context Manager receives the Measurement Report Messages from a set of APs in its subnet, and aggregates these to form an aggregated report that includes the individual reports. The aggregated report is sent as a Measurement Report Message to the WLAN manager.

The AP-to-client Measurement MAC Protocol [0081] The AP-to-client Measurement MAC Protocol includes standard the IEEE
802.11 standard frames that are modified to include additional information that may be used by one or more embodiments of the invention. Any standard type MAC frames that conform to the AP-to-client Measurement MAC Protocol include an indicatiQn of such conformity.
For example, an association request frame includes an element that indicated whether or not the station supports radio management including the ability to carry out and report the client measurements described herein. A beacon frame and a probe frame that conform to the AP-to-client Measurement MAC Protocol may include the transmit power of the AP
transmitting the frame.

[0082] A frame we call the Measurement Request Frame from the AP requests an active or passive scan by a client at a scheduled scan time with a report at a scheduled reporting time. Another message from the client to the AP produces a report back to AP
on schedule. The Measurement Request Frame includes an identifier to be used by a responding client, scheduling information indicate when the action is to take place, and a set of one or more measurement report elements. The measurement report elements include indications as to what sort of report is requested, for example the report from an active scan, the report from a passive scan, or the station's accumulated Beacon Table without any scan.

[0083] A frame we call the Measuj=ement Report Frame from the client provides a report in response to a Measurement Request Frame. The Report frame includes the MAC
address of the station providing the report, the identifier from the corresponding Measurement Request Frame, and one or more measurement elements. The measurement elements for the case of a beacon or probe response include one or more of the channel number, the duration over which the beacon/probe response was measured, the PHY type (DSS, 5 GHz OFDM, and so forth), the RSSI of the beacon/probe response, the parent TSF, e.g., all or some of the lower order bits of the serving AP's TSF at the time the client received the beacon or probe response, the TSF in the beacon/probe response, and one or more other elements that are in the received beacon/probe response frame.

[0084] Rogue AP Detection Using Radio Measurements [0085] One embodiment of the rogue detection method uses information about beacons and probe responses received by APs and/or client stations that are managed by the WLAN manager 107. The method will be described by way of example using FIG. 6 that shows the tasks and messaging performed by the WLAN M.anager 103, the Subnet Context Manager 105, the AP 107 in the subnet of Subnet Context Manager 105, and a client 115 of the AP 107.

Overall Method usizig Radio Measurements [0086] FIG. 7 shows the basic steps of the method. In step 703, the WLAN
Manager 107 maintains an AP database that includes information about the APs that it manages. The AP database also includes information about the managed. APs and about known APs that are in the neighborhood of the managed network or that are known to clients of managed APs, i.e., to managed clients, and that are known to not cause problems, e.g.
interference, to the managed wireless network. Such APs are called fi=iendly APs. One example of a friendly AP is an AP at a coffee shop where an employee of the enterprise often works using a computer that is a managed client and that associates with this friendly AP. The AP database also includes information about rogue APs. In one embodiment, the AP
database is in the Configuration Database and is automatically updated from time to time.

[0087] The information stored in the AP database about an AP includes the information from any beacon or probe response frame from such an AP, and any 802.11 information about the AP. In one embodiment, the 802.11 information includes the maximum power, the frequencies, and other 802.11 parameters. In some embodiment, the information further may include location information. In some embodiment, the information for each AP may further include other fields, e.g., fields used for other aspects of wireless network management. For example, in a managed network, it may be that the radio settings of the AP are managed and thus the WLAN manager knows the radio settings for the AP.
The location of the AP also may be known.

[0088] One aspect of the invention compared information obtained from scanning for beacons or probe responses to information in the AP database. The comparison is of information from managed APs and in one embodiment, the clients of the managed APs about beacons or probe responses received from a potential rogue AP with information stored in the AP database about managed APs, friendly APs, and known or suspected rogue APs.

[0089] In one embodiment, the maintaining of the AP database includes updating the information in the AP database from time to time. The updating is automatic, e.g., whenever new information is obtained on potential rogue APs or whenever AP
configurations are changed.

[0090] Thus, in a step 707, the WLAN manager sends one or more requests to one or more managed APs to carry out scanning. In one embodiment, the scanning by the APs is passive scanning. In another embodiment, the scanning by the APs is active scanning of one or more channels where potential rogue APs could be transmitting. Because a rogue AP may be outside the radio range of any managed APs, but still in the range of one or more clients of managed APs, in one embodiment, the request to the managed APs includes an instruction to request'such'APs'- clients to 'carry out scanriing.
In one embodiment, the scanning by the managed clients is passive scanning. In another embodiment, the scanning by the managed clients is active scanning of one or more channels where a potential rogue AP could be transmitting.

[0091] As a result of such reqtiest, in a step 707, the WLAN manager receives reports from the APs and their clients on any beacons and probe responses received in the scanning by the APs and/or clients.

[0092] In a step 709, the WLAN manager analyzes information obtained in the received reports about the APs that transmitted the received beacons or probe responses, the analyzing including comparing with information in the AP database. The analysis step is discussed in more detail below. In summary, step 709 is to determine whether or not the transmitting AP is in the AP database. The MAC address (the BSSID) of the AP
that sent the response is used to. search the AP database for a match. In one embodiment, the Replacement Pages 1, 3, 19, 23, 26 Application No. 2,529,411 19 analysis includes comparing configuration information in the beacon/probe response with information stored in the AP database about the configuration of managed APs.
In one embodiment, the analysis further includes using timing information. In one embodiment, the analysis further includes using known location information of managed APs together with the timing information to determine the approximate location of the potential rogue AP in order to further ascertain whether the AP is likely to be a rogue. The results of the analysis step 709 include a classification of each AP as a friendly AP or a potential rogue AP.

[0092] One embodiment further includes step 711 of attempting to locate the receiving stations receiving the beacon and/or probe responses in order to attempt locating the potential rogue AP(s) to further ascertain whether or not the AP is likely to be a rogue.
One location method uses the RSSI at the station receiving the beacon/probe reponse together with a calibrated path loss model of the environment providing path losses at various locations to/from managed stations at known locations. The method is described further below and in concurrently filed issued U.S. Patent No. 6,990,428, titled "RADIOLOCATION USING PATH LOSS DATA" to inventors Kaiser, et al., Docket/Reference No. CISCO-7391, assigned to the assignee of the present invention.

[0093] One embodiment further includes step 713 of combining the results of the analysis with the results of one or more complementary rogue AP detection techniques.
One such complementary technique includes a client reporting to a serving AP a failed previous authentication attempt with an AP, for example including identifying the suspected AP by its MAC address. One implementation uses an IEEE 802.1X over IEEE 802.11 security system, according to which client and APs are placed in an authentication server database.
When a client authenticates, a session key gets delivered to the client and the access point separately. A client detects a failed authentication when it cannot use the session key after it has authenticated with the authentication server. The client eventually associates with another, now managed AP, and reports the potential rogue AP via the managed AP, to the WLAN manager. Such a complementary method is described in U.S. Patent No.
7,181,530, filed July, 27, 2001, titled "ROGUE AP DETECTION," to inventors Halasz, et al., assigned to the assignee of the present invention.

[0095] Using the radio location, the wireless network administrator (the IT
person responsible for WLAN management; a user of the WLAN manager) can attempt to physically locate the AP. After locating the AP the administrator can classify the AP as either rogue, managed or friendly and update the WLAN database with information about the AP, including its classification as rogue, managed or friendly. If a rogue AP, the network administrator can issue an alert.

[0096] In one embodiment, the set of criteria to determine whether or not the AP is friendly or a rogue is set by the wireless network administrator and stored in the Configuration Database.

Setting Up Scans and Receiving Reports [0097] FIG. 4 shows a flow chart that includes in more detail steps 705 and 707 of setting up, requesting, and receiving reports of the scans. Refer also to FIG. 6 that shows the messaging and tasks at each entity. In a step 403, at the WLAN manager 103, the wireless network administrator sets up a set of scan parameters that describe how information is to be obtained about,beacons and probe responses received-by managed-APs, and in one embodiment, managed clients. The set of scan parameters includes whether an active scan or passive scan or both active and passive scan, and if an active scan, the one or more channels for the active scan. The set of scan parameters further includes the scan interval, e.g., the schedule of how often scans are to be performed, and in one embodiment, for how long. The set of scan parameters further includes an indication of whether the APs, the managed clients, or both the APs and clients are to perform the scans.

[0098] In a step 405, the WLAN manager 103 sends one or more Measurement Request Messages to the APs that instruct the APs to perform the scans and/or request their respective clients to perform the scans in the case that the wireless network includes one or more Subnet Context Managers, as in FIG. 6, the method includes forming a Measurement Request Message for each Subnet Context Manager that includes information sufficient for the Subnet Context Manager to send Measurement Request Messages to its APs.

[0099] In a step 407, the Subnet Context Manager, e.g., Subnet Context Manager receives the Measurement Request Message and from the data therein, forms individual Measurement Request Messages and sends the messages to the respective target APs.

[00100] In a step 409, a target AP, e.g., AP 107 receives the Measurement Request Message and as a result, sets up tasking according to the request. The tasking includes scheduling any scans to be performed by the AP itself, and also, in the case the tasking includes for scanning by one or more clients, scheduling scans to be performed by the clients by sending request frames to the appropriate clients, and then receiving report frames from theclients. In the case that the request includes the AP
perforining scans, step 409 includes the AP 407 carrying out any passive and/or active scans requested in the Measurement Request Message. Such action is carried out according to the schedule in the Request Message, e.g. periodically at a scheduled interval, and so forth.

(00101] In a step 413, the AP sends out Measurement Report Messages periodically according to the schedule in the Measurement Request Message. The Measurement Report Messages include information on the beacons/probe responses received by the AP
if the AP was requested to perform scanning and, if the AP was requested to instruct its clients to perform scanning, information on the beacons/probe responses received by the clients. Such information includes information from the beacon/probe response and information about the state of the station when receiving the beacon/probe response. Thus, as shown in FIG. 6, a single request message generates periodic reports from the AP 107.

[00102] In a step 413, each Subnet Context Manager, e.g., Subnet Context Manager 105 receives the Measurement Report Messages sent periodically by managed APs in its subset, e.g., AP 107 according to the schedule in the Measurement Request Message. The Subnet Context Manager 105 aggregates Measurement Report Messages into a single aggregated Measurement Report Message and sends the Measurement Report Message to the WLAN manager 103.

[00103] The WLAN Manager receives Measurement Report Messages from APs, e.g., directly or via Subnet Context Managers. This is step 707 described above.

[00104] FIG. 5 is a flow chart that describes the case of the Measurement Request Message including a request to schedule an AP to instruct one or more clients to perform scanning and report the results. The steps shown in FIG. 5 are carried out periodically according to the schedule of the Measurement Request Message. The scheduling is carried out by the AP, e.g., AP 107 of FIG. 6. Thus at a scheduled time, in a step 503, the AP
sends a Measurement Request Frame to the client or clients, e.g., client 115. In a step 505, the client receives the Measurement Request Frame and according to the content of the request, carries out the requested task, e.g., carries out a passive scan, an active scan at one or more specified channels, and/or sends its accumulated Beacon Table. In a step 507, the station after carrying out any scanning requested, sends a Measurement Report Frame to its serving AP, In a step 509, the AP receives the Measurement Report Frames from all clients that were requested.

Analysis of Reports [00105] Step 709 of analyzing the information obtained from scans is now discussed in more detail. The WLAN manager compares information received from scans about a particular AP, including the particular AP's beacon/probe response with information in the AP database. In one embodiment, the comparison searches the AP database for a match with the particular APs' BSSID. Such a`comparison may lead to a match with information in the AP database and suggest, for example, that the particular AP is a managed AP.
However, there is some likelihood that the particular AP is spoofing a managed AP. In one embodiment, the comparison includes one or more known AP parameters that are obtained, e.g., part or all of the IEEE 802.11 standard information normally stored in a beacon/probe response. In a managed network, some or all of the AP parameters may be set by or known to the WLAN manager and stored in the AP database. Such parameters include one or more of the maximum power settings, the frequency, and other standard 802,11 parameters, and may also include specific proprietary fields that are not part of the IEEE standard. A comparison of the parameters may further determine whether or not the particular AP is likely to be a rogue AP.

[00106] In one embodiment, analyzing the inforination received about a particular AP, including the beacon/probe response also includes analyzing timing information to compare with timing information that would be expected of a managed or friendly AP.
The timing information analyzed is of beacon time (TSF timer) offset determined by comparing the timestamp in the beacon/probe response with the TSF timer at the managed AP receiving the response or at the managed client receiving the response.
Such an analysis may lead to conclude that the AP is not a managed AP.

[00107] In one embodiment, analyzing the information received about a particular AP, including the AP's beacon/probe response includes using the RSSI level at the receiver of the beacon/probe response from the potential rogue AP. In the case the beacon/probe Replacement Pages 1, 3, 19, 23, 26 Application No. 2,529,411 23 response was detected by a managed AP, the location of the managed AP would be known and used together with the received RSSI to approximately locate the potential probe. In the case the beacon/probe response was detected by a client of a managed AP, the timing information may lead the WLAN manager to infer some location information. For example, the timing information may provide an indication of when the client detected the beacon/probe response in relation to the time the client associated with the managed AP
whose location is known.

[00107] Thus, the RSSI together with location information of managed APs and clients are used to approximately determine the location of the potential rogue AP in order to further ascertain whether the AP is likely to be a rogue. For example, this may provide the location to the nearest floor of a building.
Locating the Potential Rogues [00108] Once potential rogues are identified, and even approximately located, e.g., to the level of a floor of a building, or within radio range of an AP of known location, one aspect of the invention is further locating the potential rogues using received signal strength information. One location method uses the RSSI at the station receiving the beacon/probe response together with a calibrated path loss model of the enviromnent providing path losses at various locations to/from managed stations at known locations. The method is summarized here and described in more detail in concurrently filed issued U.S.
Patent No.
6,990,428, titled "RADIOLOCATION USING PATH LOSS DATA" to inventors Kaiser, et al., Docket/Reference No. CISCO-7391, assigned to the assignee of the present invention.

[00109] In the case that the beacons/probe responses are detected by a set of managed APs, the locating method includes accepting an ideal path loss model and calibrating the ideal path loss model using path loss measurements between the managed access points in a region of interest, e.g., the floor of the building. The path loss measurements include the WLAN manager obtaining the received signal strengths from each respective access point receiving probe responses/beacons, e.g., on the channel that the rogue transmissions were received, for signals received as a result of probe responses/beacon transmissions by each other access point. Each transmission by a respective access point is at a known respective transmit power. The calibrating determines a calibrated path loss model between the managed access points.

[00111] The locating method further includes measuring the path loss between the potential rogue access point and at least some of the managed access points.
The measuring is by the beacon/probe response reporting described herein. The measuring includes measuring the received signal strength at each of at least some of the access points of the wireless network resulting from transmission of a beacon/probe response from the potential rogue access point for each of a set of assumed transmit powers for the potential rogue access point. The method further includes determining the likely location or locations of the wireless station using the measured -path loss and the calibrated path loss model for the set of assumed transmit powers.

[00112] In the case the beacon/probe responses are detected at one or more clients, the location of the clients is first determined using a client-locating variant of the radio location method. The client at an unknown location receives beacons/probe responses from managed access points in the area of interest. The beacon/probe responses are at known transmit powers. The path loss is measured for each transmitting access point using reports from the receiving client station at an unknown location. The likely location or locations of the client station is determined comparing the received path loss components with the calibrated path loss model.

[00113] Once the location of the clients receiving the beacons/probe responses from the potential rogue AP are estimated, the method proceeds as for the case of APs receiving the transmissions from the potential rogue, with the determined location used as the "known" location of the receiving clients.

[00114] In the location determining (of a client or a potential access point), one embodiment includes using an exclusive likelihood function to provide a likelihood component as a function of location for each station at a known or determined location detecting a beacon or probe response from the potential rogue AP. One embodiment further uses an exclusive likelihood function to provide a likelihood component as a function of location for each station at a known or determined location that fails to detect a beacon or probe response from the potential rogue AP. In the case of the failure to detect, the station that fails to detect is assumed to receive at a particular signal strength, e.g., the specified receive sensitivity of the receiver of the station. The overall likelihood is the product of the inclusive and exclusive likelihood components.7his is determined for each of the set of assunled transmit powers.

[00115] While FIG. 1 shows a network that includes Subnet Context Managers for subnets, embodiments of the invention also operate in networlcs with no Subnet Context Managers, and larger networks that are further divided into other control domains. In the case of a smaller network than in FIG. 1, the communication that in a network such as FIG. 1 is between subnet context manager and its APs is then carried out directly between the WLAN Manager and the APs.

[00116] While in one embodiment, each Measurement Request Frame received at a client station generates a single Measurement Report Frame. In alternate embodiments, the client station may carry out tasking, e.g., schedule scanning events.

[00117] It should be appreciated that although the invention has been described in the context of the TEEE 802.11 standard, the invention is not limited to such contexts and may be utilized in various other applications and systems, for example other WLAN
standards and other wireless standards.

[00118] One embodiment of each of the methods described herein is in the form of a computer program that executes on a processing system, e.g., one or more processors that are part of a WLAN manager. Thus, as will be appreciated by those skilled in the art, embodiments of the present invention may be embodied as a method, an apparatus such as a special purpose apparatus, an apparatus such as a data processing system, or a carrier medium, e.g., a computer program product. The carrier medium carries one or more computer readable code segments for controlling a processing system to implement a method. Accordingly, aspects of the present invention may take the form of a method, an entirely hardware embodiment, an entirely software enibodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of carrier medium (e.g., a coinputer program product on a computer-readable storage medium) carrying computer-readable program code segments embodied in the medium. Any suitable computer-readable medium may be used including a magnetic storage device such as a diskette or a hard disk, or an optical storage device such as a CD-ROM.

[00119] It will be understood that the steps of methods discussed are performed in one embodiment by an appropriate processor (or processors) of a processing (i.e., computer) system executing instructions (code segments) stored in storage. It will also be understood Replacement Pages 1, 3, 19, 23, 26 Application No. 2,529,411 26 that the invention is not limited to any particular implementation or programming technique and that the invention may be implemented using any appropriate techniques for implementing the functionality described herein. The invention is not limited to any particular programming language or operating system.

[00119] Reference throughout this specification to "one embodiment" or "an embodiment"
means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention.
Thus, appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment.
Furthermore, the particular features, structures or characteristics may be combined in any suitable manner, as would be apparent to one of ordinary skill in the art from this disclosure, in one or more embodiments.

[00120] Similarly, it should be appreciated that in the above description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the Detailed Description are hereby expressly incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of this invention.

[00123] Thus, while there has been described what is believed to be the preferred embodiments of the invention, those skilled in the art will recognize that other and further modifications may be made thereto without departing from the spirit of the invention, and it is intended to claim all such changes and modifications as fall within the scope of the invention. For example, any formulas given above are merely representative of procedures that may be used. Functionality may be added or deleted from the block diagrams and operations may be interchanged among ftlnctional blocks. Steps may be added or deleted to methods described within the scope of the present invention.

Claims (36)

CLAIMS:
1. A method comprising:

a central management entity managing managed access points (APs) of a wireless network, including carrying out one or both of power control and frequency selection to configure one or more configuration parameters of the managed access point;

maintaining an AP database that includes information about managed APs and friendly APs of the wireless network, including for each managed AP in the AP database, the service set identifier of the managed AP and one or more of the configuration parameters;

sending a scan request to one or more managed APs of the wireless network, the scan request including a request for the receiving managed AP to scan for beacons and probe responses; and receiving reports from at least one of the receiving managed APs about beacons or probe responses from any potential rogue AP, including, for each potential rogue AP
from which a beacon or probe response was received, detection information, and information on the beacon or probe response received sent by the potential rogue AP, wherein the detection information includes the service set identifier of the potential rogue AP, and at least one further item of information, and wherein the information on the received beacon or probe response includes at least the service set identifier in the beacon or probe response, and one or more configuration parameters; and for each beacon or probe response from a potential rogue AP on which information is received, ascertaining if the potential rogue AP is a managed AP, including:

ascertaining if there is a match for the service set identifier of the potential rogue AP
in the AP database, and if there is a match for one or more configuration parameters of the potential rogue AP in the AP database in addition to the service set identifier of the potential rogue AP, such that at least a plurality of parameters are matched in the AP database to ascertain whether a potential rogue AP is a managed AP.
2. A method as recited in claim 1, wherein the wireless network substantially conforms to the IEEE 802.11 standard for wireless local area networks.
3. A method as recited in claim 1, wherein the maintaining the AP database includes updating the AP database from time to time.
4. A method as recited in claim 1, wherein the analysis further includes determining the approximate location of the potential rogue AP in order to further ascertain whether the potential rogue AP is likely to be a rogue, a location determining method that uses information determined from signals received from the potential rogue AP at a plurality of managed APs whose locations are known or at stations whose respective locations are known or determined, and calculating a likely location using the determined information.
5. A method as recited in claim 1, wherein the sending a request includes sending a request to one or more wireless stations of the wireless network to listen for beacons and probe responses on the respective serving channels of the respective wireless stations and to report the results of the listening.
6. A method as recited in claim 1, wherein the sending a request includes sending a request for one or more wireless stations to temporarily listen for beacons and probe responses on a channel specified in the request and to report the results of the listening.
7. A method as recited in claim 1, wherein the sending a request includes sending a request for one or more managed access points to listen for beacons and probe responses and to report the results of the listening.
8. A method as recited in claim 1, wherein the sending a request includes sending a request for one or more clients of one or more managed access points to listen for beacons and probe responses and to report the results of the listening.
9. A method as recited in claim 1, wherein the analyzing further includes using timing information determined from the beacon or probe response to further ascertain whether the AP is likely to be a rogue.
10. A method as recited in claim 9, wherein the analyzing further includes using known location information of managed APs together with the timing information to determine the approximate location of the potential rogue AP.
11. A method as recited in claim 1, wherein the detection information includes absolute RSSI
information, and wherein the analyzing further includes using known location information of managed APs to approximately locate the potential rogue AP, and method further comprising:

locating the potential rogue AP by using the absolute RSSI at the station receiving the beacon or probe response together with a calibrated path loss model of an area of interest that provides path losses at various locations to or from managed stations at known locations.
12. A method as recited in claim 11, wherein the locating includes:

accepting an ideal path loss model applicable to an area of interest;
calibrating the ideal path loss model using measurements received from each respective managed station of a first set of managed wireless stations of the wireless network measuring the received signal strengths at each of the respective managed stations, the managed stations receiving signals as a result of transmissions by respective managed stations of a second set of managed wireless stations of the wireless network, each respective transmission at a known respective transmit power, the locations of each managed station of the first and second set being known or determined, the calibrating being to determine a calibrated path loss model between the receiving and transmitting wireless stations;

receiving measurements from each respective managed station of a third set of managed wireless stations of the wireless network measuring the received signal strength at each of the respective stations resulting from transmission of a beacon or probe response from a potential rogue access point, each station of the third set being at a known or determined location; and for each of a set of assumed transmit powers for the potential rogue access point, determining the likely location or locations of the potential rogue access point using the received signal strengths at the stations of the third set and the calibrated path loss model.
13. A method as recited in claim 12, wherein the determining of the likely location or locations includes:

determining a set of likelihood components for each of a set of locations, each component corresponding to a respective managed access point whose transmissions are listened for at the particular station, and determining an overall likelihood for each of the set of locations as the product of the likelihood components.
14. A method as recited in claim 1, wherein further comprising combining the results of the analyzing step with the results of one or more complementary rogue AP
detection techniques.
15. A method as recited in claim 14, wherein one of the complementary rogue AP
detection techniques includes a client reporting to a managed AP a failed previous authentication attempt with an AP.
16. A method comprising:

receiving a scan request at an access point (AP) of a wireless network to scan for beacons and probe responses, the request received from a management entity coupled to a WLAN
manager managing a set of managed APs, the managing of the managed APs including carrying out one or both of power control and frequency selection to configure one or more configuration parameters of the managed APs and maintaining an AP database that contains information about managed APs and friendly APs of the wireless network, the information in the AP database including for each managed AP in the AP database, the service set identifier of the managed AP and one or more of the configuration parameters;

listening for beacons and probe responses at the AP receiving the scan; and sending a scan report to the WLAN manager including information on any beacon or probe response received from a potential rogue AP by the AP receiving the scan request, the information including, for each potential rogue AP from which a beacon or probe response was received, detection information, and information on the beacon or probe response from the potential rogue AP, wherein the detection information includes the service set identifier of the potential rogue AP, and at least one further item of information, and wherein the information on the received beacon or probe response includes at least the service set identifier in the beacon or probe response, and one or more configuration parameters, such that for each beacon or probe response from a potential rogue AP on which information is received at the WLAN manager, ascertaining if the potential rogue AP is a managed AP, including:

ascertaining if there is a match for the service set identifier of the potential rogue AP
in the AP database, and if there is a match for one or more configuration parameters of the potential rogue AP in the AP database in addition to the service set identifier of the potential rogue AP, such that at least a plurality of parameters are matched in the AP database to ascertain whether a potential rogue AP is a managed AP.
17. A method as recited in claim 16, wherein the scan request includes a request to scan for beacons and probe responses on the respective serving channel of each respective wireless AP or client station and to report the results of the listening.
18. A method as recited in claim 16, wherein the scan request a includes a request for the listening stations AP or client station to temporarily listen for beacons and probe responses on a channel specified in the request and to report the results of the listening.
19. A method as recited in claim 16, wherein the scan request from the WLAN
manager and the scan report to the WLAN manager use a protocol that provides for and encapsulates scan request messages and scan report messages in IP packets.
20. A method as recited in claim 19, wherein the request from an AP to a client station, and the report from the client station to an AP uses MAC frames.
21. A method as recited in claim 19, wherein the scan request includes a set of scan parameters that describe how information is to be obtained about beacons and probe responses received by the managed AP.
22. A method as recited in claim 21, wherein the scan parameters include one or more of:
whether the requested scan is an active scan or a passive scan or both an active and passive scan, and if an active scan, one or more channels for the active scan, and the schedule of how often scans are to be performed.
23. A method as recited in claim 21, wherein after receiving the task request, the receiving AP sets up tasking according to the scan request, including scheduling any scans to be performed by the receiving AP.
24. A computer-readable medium encoded with computer readable instructions that when executed cause one or more processors of a processing system to execute a method comprising:

managing managed access points (APs) of a wireless network, including carrying out one or both of power control and frequency selection to configure one or more configuration parameters of each managed access point;

maintaining an AP database that includes information about managed APs and friendly APs of the wireless network, including for each managed AP in the AP databse, the service set identifier of the managed AP and one or more of the configuration parameters;

sending a scan request to one or more managed APs of the wireless network, the scan request including a request for the receiving managed AP to scan for beacons and probe responses; and receiving reports from at least one of the receiving managed APs about beacons or probe responses from any potential rogue AP, including, for each potential rogue AP
from which a beacon or probe response was received, detection information, and information on the beacon or probe response received sent by the potential rogue AP, wherein the detection information includes the service set identifier of the potential rogue AP, and at least one further item of information, and wherein the information on the received beacon or probe response includes at least the service set identifier in the beacon or probe response, and one or more configuration parameters; and for each beacon or probe response from a potential rogue AP on which information is received, ascertaining if the potential rogue AP is a managed AP, including:

ascertaining if there is a match for the service set identifier of the potential rogue AP
in the AP database, and if there is a match for one or more configuration parameters of the potential rogue AP in the AP database in addition to the service set identifier of the potential rogue AP, such that at least a plurality of parameters are matched in the AP database to ascertain whether a potential rogue AP is a managed AP.
25. A computer-readable medium encoded with computer readable instructions to instruct one or more processors of a processing system to execute a method at an access point (AP) of a wireless network comprising:

receiving a scan request to scan for beacons and probe responses, the request received from a management entity coupled to a WLAN manager managing a set of managed APs, the managing of the managed APs including carrying out one or both of power control and frequency selection to configure one or more configuration parameters of the managed APs and maintaining an AP database that contains information about the managed APs and friendly APs of the wireless network, the information in the AP database including for each managed AP in the AP database, the service set identifier of the managed AP
and one or more of the configuration parameters;

listening for beacons and probe responses at the AP receiving the scan request; and sending a scan report to the WLAN manager including information on any beacon or probe response received from a potential rogue AP by the AP receiving the scan request, the information including, for each potential rogue AP from which a beacon or probe response was received, detection information, and information on the beacon or probe response from the potential rogue AP, wherein the detection information includes the service set identifier of the potential rogue AP, and at least one further item of information, and wherein the information on the received beacon or probe response includes at least the service set identifier in the beacon or probe response, and one or more configuration parameters, Claims such that for each beacon or probe response from a potential rogue AP on which information is received at the WLAN manager, ascertaining if the potential rogue AP is a managed AP, including:

ascertaining if there is a match for the service set identifier of the potential rogue AP
in the AP database, and if there is a match for one or more configuration parameters of the potential rogue AP in the AP database in addition to the service set identifier of the potential rogue AP

such that at least a plurality of parameters are matched in the AP database to ascertain whether a potential rogue AP is a managed AP.
26. An apparatus comprising:

a processing system including a memory and a network interface to couple the apparatus to a network, the network including a set of managed access points (APs) of a wireless network; and a tangible medium storing an AP database coupled to the processing system and containing information about the managed APs and friendly APs of the wireless network, including information related to how each managed AP in the AP database is configured, wherein the processing system is programmed to:

manage the managed APs, including carrying out one or both of power control and frequency selection to configure one or more configuration parameters of each managed access point;

maintain the AP database that includes information about the managed APs, including for each managed AP, the service set identifier of the managed AP and one or more of the configuration parameters;

send a scan request to one or more managed APs of the wireless network, the scan request being for the receiving managed AP to scan for beacons and probe responses; and Claims receive reports from at least one of the receiving managed APs about beacons or probe responses from any potential rogue AP, including, for each potential rogue AP
from which a beacon or probe response was received, detection information, and information on the beacon or probe response received sent by the potential rogue AP, wherein the detection information includes the service set identifier of the potential rogue AP, and at least one further item of information, and wherein the information on the received beacon or probe response includes at least the service set identifier in the beacon or probe response, and one or more configuration parameters; and for each beacon or probe response from a potential rogue AP on which information is received, ascertaining if the potential rogue AP is a managed AP, including:

ascertaining if there is a match for the service set identifier of the potential rogue AP
in the AP database, and if there is a match for one or more configuration parameters of the potential rogue AP in the AP database in addition to the service set identifier of the potential rogue AP, such that at least a plurality of parameters are matched in the AP database to ascertain whether a potential rogue AP is a managed AP.
27. An access point (AP) for a wireless network, the access point comprising:
a processing system including a memory;

a network interface to couple the access point to a network;

a wireless transceiver coupled to the processing system to implement the PHY
of a wireless station;

the processing system including a MAC processor and programmed to:

receive a scan request to scan for beacons and probe responses, the request received via the network interface from a management entity coupled to a WLAN manager coupled to Claims the network and managing a set of managed, the managing including carrying out one or both of power control and frequency selection to configure one or more configuration parameters of managed APs and maintaining an AP database that contains information about managed APs and friendly APs of the wireless network, including for each managed AP in the AP database, the service set identifier of the managed AP, and one or more of the configuration parameters; and send a scan report to the WLAN manager via the network interface, including information on any beacon or probe response received from a potential rogue AP, the scan report including for each potential rogue AP beacon or probe response was received, detection information, and information on the beacon or probe response from the potential rogue AP, wherein the detection information includes the service set identifier of the potential rogue AP, and at least one further item of information, and wherein the information on the received beacon or probe response includes at least the service set identifier in the beacon or probe response, and one or more configuration parameters, such that for each beacon or probe response on which information is received at the WLAN
manager, analyzing the information received in the report about the potential rogue AP that sent the beacon or probe response includes, in order to ascertain if the potential rogue AP is a managed AP:

(a) ascertaining if there is a match for the service set identifier of the potential rogue AP in the AP database, and (b) ascertaining if there is a match for one or more configuration parameters of the potential rogue AP in the AP database in addition to the service set identifier of the potential rogue AP, such that at least a plurality of parameters are matched in the AP database to ascertain whether a potential rogue AP is a managed AP.
28. A method as recited in claim 1, wherein the information stored in the AP
database on each managed AP includes a maximum power setting or a frequency setting or both a maximum power and a frequency setting.
29. A method as recited in claim 1, wherein the detection information includes at least the channel the detected AP's beacon or probe response was received on, and wherein the information on the received beacon or probe response includes at least a service set identifier in the beacon or probe response.
30. A method as recited in claim 1, wherein the sending a scan request to one or more managed APs of the wireless network includes a request for the receiving managed AP to request the AP's clients to scan for beacons and probe responses.
31. A method as recited in claim 16, wherein the information stored in the AP
database on each managed AP includes a maximum power setting or a frequency setting or both a maximum power and a frequency setting.
32. A method as recited in claim 16, wherein the detection information includes at least the channel the detected AP's beacon or probe response was received on, and wherein the information on the received beacon or probe response includes at least a service set identifier in the beacon or probe response.
33. A method as recited in claim 16, wherein the management entity also manages any client stations of the managed APs, and wherein the receiving a scan request also includes a request to request any associated clients to listen for beacons or probe responses, the method further comprising:

sending a client request to one or more client stations associated with the AP
to listen for beacons and probe responses; and in the case that a client request was sent, receiving a client report at the AP from at least one of the client stations to which the client request was sent, the client report including information on any beacon or probe response received from a potential rogue AP.
34. A computer-readable medium as recited in claim 24, wherein the information stored in the AP database on each managed AP includes a maximum power setting or a frequency setting or both a maximum power and a frequency setting.
35. A computer-readable medium as recited in claim 24, wherein the detection information includes at least the channel the detected AP's beacon or probe response was received on, and wherein the information on the received beacon or probe response includes at least a service set identifier in the beacon or probe response.
36. A computer-readable medium as recited in claim 24, wherein the sending a scan request to one or more managed APs of the wireless network includes a request for the receiving managed AP to request the AP's clients to scan for beacons and probe responses.
CA002529411A 2003-07-28 2004-04-20 A method, apparatus, and software product for detecting rogue access points in a wireless network Expired - Fee Related CA2529411C (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US49084703P 2003-07-28 2003-07-28
US60/490,847 2003-07-28
US10/766,174 US7286515B2 (en) 2003-07-28 2004-01-28 Method, apparatus, and software product for detecting rogue access points in a wireless network
US10/766,174 2004-01-28
PCT/US2004/012244 WO2005018162A1 (en) 2003-07-28 2004-04-20 A method, apparatus and software product for detecting rogue access points in a wireless network

Publications (2)

Publication Number Publication Date
CA2529411A1 CA2529411A1 (en) 2005-02-24
CA2529411C true CA2529411C (en) 2010-01-12

Family

ID=34197924

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002529411A Expired - Fee Related CA2529411C (en) 2003-07-28 2004-04-20 A method, apparatus, and software product for detecting rogue access points in a wireless network

Country Status (8)

Country Link
US (2) US7286515B2 (en)
EP (1) EP1652343B1 (en)
CN (1) CN1823502B (en)
AT (1) ATE462244T1 (en)
AU (1) AU2004301015B2 (en)
CA (1) CA2529411C (en)
DE (1) DE602004026196D1 (en)
WO (1) WO2005018162A1 (en)

Families Citing this family (183)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7016948B1 (en) * 2001-12-21 2006-03-21 Mcafee, Inc. Method and apparatus for detailed protocol analysis of frames captured in an IEEE 802.11 (b) wireless LAN
US20030125045A1 (en) * 2001-12-27 2003-07-03 Riley Wyatt Thomas Creating and using base station almanac information in a wireless communication system having a position location capability
US20030206532A1 (en) 2002-05-06 2003-11-06 Extricom Ltd. Collaboration between wireless lan access points
US20060209771A1 (en) * 2005-03-03 2006-09-21 Extricom Ltd. Wireless LAN with contention avoidance
US20050195786A1 (en) * 2002-08-07 2005-09-08 Extricom Ltd. Spatial reuse of frequency channels in a WLAN
US7747244B2 (en) 2003-01-23 2010-06-29 Research In Motion Limited Methods and apparatus for re-establishing communication for a wireless communication device after a communication loss in a wireless communication network
US7248574B2 (en) * 2003-02-24 2007-07-24 Autocell Laboratories, Inc. Apparatus for selecting an optimum access point in a wireless network
GEP20105046B (en) 2003-05-14 2010-07-12 Interdigital Tech Corp Network management using periodic measurements of indicators
US8225379B2 (en) * 2003-07-11 2012-07-17 Ca, Inc. System and method for securing networks
US7123928B2 (en) 2003-07-21 2006-10-17 Qualcomm Incorporated Method and apparatus for creating and using a base station almanac for position determination
KR100526185B1 (en) * 2003-08-14 2005-11-03 삼성전자주식회사 Method And Apparatus for Enhancing Transfer Rate Using DLP And Multi-Channel In Wireless Lan Using PCF And DCF
US20050094663A1 (en) * 2003-11-05 2005-05-05 Interdigital Technology Corporation Method and system for providing intelligent remote access to wireless transmit/receive units
US7856209B1 (en) 2003-12-08 2010-12-21 Airtight Networks, Inc. Method and system for location estimation in wireless networks
US7536723B1 (en) 2004-02-11 2009-05-19 Airtight Networks, Inc. Automated method and system for monitoring local area computer networks for unauthorized wireless access
BRPI0418696A (en) 2004-04-02 2007-06-12 Qualcomm Inc methods and equipment for signaling assisted position determination systems
US7660990B1 (en) * 2004-04-27 2010-02-09 3Com Corporation Method for establishing a secure Ad Hoc wireless LAN
US8099094B2 (en) * 2004-07-12 2012-01-17 Interdigital Technology Corporation Neighbor scanning in wireless local area networks
US7768960B1 (en) * 2004-07-20 2010-08-03 Atheros Communications, Inc. Efficient communication channel survey
US7930737B2 (en) * 2004-08-18 2011-04-19 Broadcom Corporation Method and system for improved communication network setup utilizing extended terminals
US7987499B2 (en) * 2004-08-18 2011-07-26 Broadcom Corporation Method and system for exchanging setup configuration protocol information in beacon frames in a WLAN
US7355998B2 (en) * 2004-09-01 2008-04-08 Interdigital Technology Corporation Support for multiple access point switched beam antennas
US7447184B1 (en) * 2004-09-08 2008-11-04 Airtight Networks, Inc. Method and system for detecting masquerading wireless devices in local area computer networks
US8504110B2 (en) * 2004-09-10 2013-08-06 Interdigital Technology Corporation Method and apparatus for transferring smart antenna capability information
US20060056345A1 (en) * 2004-09-10 2006-03-16 Interdigital Technology Corporation Method and system for supporting use of a smart antenna in a wireless local area network
US7602755B2 (en) * 2004-11-17 2009-10-13 Intel Corporation Method and apparatus of scanning control signal
US8631450B1 (en) * 2004-12-02 2014-01-14 Entropic Communications, Inc. Broadband local area network
US8413213B2 (en) * 2004-12-28 2013-04-02 Intel Corporation System, method and device for secure wireless communication
TW200627243A (en) * 2005-01-27 2006-08-01 Inventec Multimedia & Telecom Connection method and system for wireless peripherals and computer platform
KR100679028B1 (en) * 2005-01-31 2007-02-05 삼성전자주식회사 Multiple input multiple output system and method for channel scanning of the multiple input multiple output system
US20060200711A1 (en) * 2005-02-01 2006-09-07 Schondelmayer Adam H Network diagnostic systems and methods for processing network messages
US20060198319A1 (en) * 2005-02-01 2006-09-07 Schondelmayer Adam H Network diagnostic systems and methods for aggregated links
US20060198318A1 (en) * 2005-02-01 2006-09-07 Schondelmayer Adam H Network diagnostic systems and methods for statistical triggering
US20060198312A1 (en) * 2005-02-01 2006-09-07 Schondelmayer Adam H Network diagnostic systems and methods for altering the format and bandwidth of network messages
US7805140B2 (en) * 2005-02-18 2010-09-28 Cisco Technology, Inc. Pre-emptive roaming mechanism allowing for enhanced QoS in wireless network environments
EP1851631B1 (en) * 2005-02-25 2019-10-23 Cisco Technology, Inc. Dynamically measuring and re-classifying access points in a wireless network
US20060193299A1 (en) * 2005-02-25 2006-08-31 Cicso Technology, Inc., A California Corporation Location-based enhancements for wireless intrusion detection
US7289056B2 (en) * 2005-03-24 2007-10-30 Intel Corporation Wireless communication system and method of operating in the presence of a radar system
EP1708423A1 (en) * 2005-03-29 2006-10-04 Matsushita Electric Industrial Co., Ltd. Inter-domain context transfer using context tranfer managers
US7551577B2 (en) * 2005-04-01 2009-06-23 Cisco Technology, Inc Access point provisioning and mapping in dual mode devices
US7899057B2 (en) * 2006-04-28 2011-03-01 Jds Uniphase Corporation Systems for ordering network packets
US20070038880A1 (en) * 2005-08-15 2007-02-15 Noble Gayle L Network diagnostic systems and methods for accessing storage devices
US20080075103A1 (en) * 2005-05-20 2008-03-27 Finisar Corporation Diagnostic device
US20070211696A1 (en) * 2006-03-13 2007-09-13 Finisar Corporation Method of generating network traffic
US8107822B2 (en) 2005-05-20 2012-01-31 Finisar Corporation Protocols for out-of-band communication
US20060264178A1 (en) * 2005-05-20 2006-11-23 Noble Gayle L Wireless diagnostic systems
US7783756B2 (en) * 2005-06-03 2010-08-24 Alcatel Lucent Protection for wireless devices against false access-point attacks
US8856311B2 (en) * 2005-06-30 2014-10-07 Nokia Corporation System coordinated WLAN scanning
US7486666B2 (en) * 2005-07-28 2009-02-03 Symbol Technologies, Inc. Rogue AP roaming prevention
US7706822B2 (en) * 2005-08-24 2010-04-27 Motorola, Inc. Timing synchronization and beacon generation for mesh points operating in a wireless mesh network
DE602005012692D1 (en) * 2005-08-25 2009-03-26 Research In Motion Ltd Detection and restriction of an unauthorized access point
US7558592B2 (en) 2005-09-01 2009-07-07 Cisco Technology, Inc. Radio planning for WLANS
US20070066308A1 (en) * 2005-09-06 2007-03-22 Oleg Andric Method and apparatus for removing phantom children in an ad-hoc communication system
TWI272795B (en) * 2005-09-09 2007-02-01 Hon Hai Prec Ind Co Ltd Method and system for detecting a rogue access point and device for determing the rogue access point
GB2430580B (en) * 2005-09-13 2008-04-09 Roke Manor Research A method of authenticating access points on a wireless network
GB2430114B (en) * 2005-09-13 2008-06-25 Roke Manor Research A method of verifying integrity of an access point on a wireless network
US20080219201A1 (en) * 2005-09-16 2008-09-11 Koninklijke Philips Electronics, N.V. Method of Clustering Devices in Wireless Communication Network
EP1929812B1 (en) * 2005-09-16 2013-06-19 Koninklijke Philips Electronics N.V. Notification of incumbent users in dynamic spectrum access wireless systems
US20070093208A1 (en) * 2005-09-30 2007-04-26 Arati Manjeshwar Method and system for providing interference avoidance and network coexistence in wireless systems
US7716740B2 (en) 2005-10-05 2010-05-11 Alcatel Lucent Rogue access point detection in wireless networks
US8411616B2 (en) * 2005-11-03 2013-04-02 Piccata Fund Limited Liability Company Pre-scan for wireless channel selection
US20070186276A1 (en) * 2006-02-09 2007-08-09 Mcrae Matthew Auto-detection and notification of access point identity theft
US20070248058A1 (en) * 2006-04-20 2007-10-25 Victor Fajardo Fast link-down detection systems and methods
CN100555950C (en) * 2006-04-28 2009-10-28 鸿富锦精密工业(深圳)有限公司 Access point recognition system and method
US7953457B2 (en) 2006-04-28 2011-05-31 Research In Motion Limited Methods and apparatus for reducing power consumption for mobile devices using broadcast-to-unicast message conversion
US7821986B2 (en) * 2006-05-31 2010-10-26 Cisco Technology, Inc. WLAN infrastructure provided directions and roaming
US7668513B2 (en) * 2006-06-26 2010-02-23 Microsoft Corporation Platform for enterprise wireless network management applications
US8149797B2 (en) * 2006-06-30 2012-04-03 Hewlett-Packard Development Company, L.P. Visualization of RF neighbor correlation in a single view
US8213333B2 (en) 2006-07-12 2012-07-03 Chip Greel Identifying and resolving problems in wireless device configurations
FR2903831A1 (en) * 2006-07-12 2008-01-18 France Telecom METHOD FOR DETECTING SIMUL ACCESS POINTS IN A WIRELESS NETWORK
US20080031208A1 (en) * 2006-08-04 2008-02-07 Microsoft Corporation Synchronization between wireless devices while saving power
US9596585B2 (en) * 2006-08-04 2017-03-14 Microsoft Technology Licensing, Llc Managing associations in ad hoc networks
US7860038B2 (en) * 2006-08-04 2010-12-28 Microsoft Corporation Wireless support for portable media player devices
US7969896B2 (en) * 2006-08-29 2011-06-28 Cisco Technology, Inc. Method and system for providing connectivity outage detection for MPLS core networks based on service level agreement
CN101150839B (en) * 2006-09-20 2011-04-06 西门子(中国)有限公司 Scanning method and system in WLAN
US7971253B1 (en) 2006-11-21 2011-06-28 Airtight Networks, Inc. Method and system for detecting address rotation and related events in communication networks
KR100847145B1 (en) 2006-12-04 2008-07-18 한국전자통신연구원 Method for detecting illegal Access Point
TW200827957A (en) * 2006-12-21 2008-07-01 Ind Tech Res Inst Method for information transmission with backbone network and a position monitoring system for multiple robotic devices
US8526821B2 (en) * 2006-12-29 2013-09-03 Finisar Corporation Transceivers for testing networks and adapting to device changes
GB2480191A (en) 2007-02-02 2011-11-09 Ubiquisys Ltd Determining the location of a base station
WO2008097044A1 (en) * 2007-02-06 2008-08-14 Lg Electronics Inc. Verification of system information in wireless communication system
US8155662B2 (en) * 2007-02-19 2012-04-10 Microsoft Corporation Self-configuring wireless network location system
US7516049B2 (en) * 2007-02-19 2009-04-07 Microsoft Corporation Wireless performance analysis system
KR101450774B1 (en) * 2007-02-21 2014-10-14 삼성전자주식회사 Duplicated ssid detecting method and system through self scan in wireless lan
US20080205340A1 (en) 2007-02-28 2008-08-28 Qualcomm, Incorporated Neighbor discovery in a wireless system
ES2712700T3 (en) * 2007-06-13 2019-05-14 Exfo Oy A man-in-the-middle detector and a method that uses it
ATE538621T1 (en) * 2007-07-30 2012-01-15 Marvell World Trade Ltd MAINTAIN BLUETOOTH AND 802.11 CONNECTIONS SIMULTANEOUSLY FOR INCREASED DATA THROUGHPUT
JP4921281B2 (en) * 2007-08-14 2012-04-25 キヤノン株式会社 Communication apparatus and communication control method
JP2009049522A (en) * 2007-08-14 2009-03-05 Canon Inc Communication system, communication apparatus and communication control method
US8799648B1 (en) * 2007-08-15 2014-08-05 Meru Networks Wireless network controller certification authority
US20090088132A1 (en) * 2007-09-28 2009-04-02 Politowicz Timothy J Detecting unauthorized wireless access points
US7970894B1 (en) 2007-11-15 2011-06-28 Airtight Networks, Inc. Method and system for monitoring of wireless devices in local area computer networks
US7778166B2 (en) * 2007-11-28 2010-08-17 Intel Corporation Synchronizing sequence numbers among peers in a network
US8145215B2 (en) * 2007-12-27 2012-03-27 Shoretel, Inc. Scanning for a wireless device
US8619634B2 (en) * 2008-04-14 2013-12-31 Cisco Technology, Inc. Channel assignment protocol
US8762188B2 (en) 2008-05-12 2014-06-24 Ut-Battelle, Llc Cyberspace security system
US20090281864A1 (en) * 2008-05-12 2009-11-12 Abercrombie Robert K System and method for implementing and monitoring a cyberspace security econometrics system and other complex systems
US8477716B2 (en) * 2008-05-22 2013-07-02 Motorola Solutions, Inc. Method for facilitating sharing of channel information in a wireless communication network
US20090323555A1 (en) * 2008-06-27 2009-12-31 Affinegy, Inc. System and Method for Controlling and Configuring a Router
US8478228B2 (en) * 2008-10-20 2013-07-02 Qualcomm Incorporated Mobile receiver with location services capability
US20100110877A1 (en) * 2008-10-30 2010-05-06 Symbol Technologies, Inc. System and method for failover of mobile units in a wireless network
US8694624B2 (en) * 2009-05-19 2014-04-08 Symbol Technologies, Inc. Systems and methods for concurrent wireless local area network access and sensing
WO2010150052A2 (en) * 2009-06-24 2010-12-29 Nokia Corporation Methods and apparatuses for avoiding denial of service attacks by rogue access points
US8600297B2 (en) 2009-07-28 2013-12-03 Qualcomm Incorporated Method and system for femto cell self-timing and self-locating
CN102577261A (en) * 2009-07-31 2012-07-11 惠普发展公司,有限责任合伙企业 Method for detection of a rogue wireless access point
KR101083727B1 (en) * 2009-08-21 2011-11-15 주식회사 에어큐브 Apparatus and method of wireless network security
US20110191827A1 (en) * 2010-01-29 2011-08-04 Rajini Balay Detecting Unauthorized Router Access Points or Rogue APs in the Wired Network
JP2011211612A (en) * 2010-03-30 2011-10-20 Nec Access Technica Ltd Wireless lan terminal, wireless lan access point and wireless lan system
CN102316579B (en) * 2010-07-06 2015-01-28 北京三星通信技术研究有限公司 Method for applying location-based service zone
US20120026887A1 (en) * 2010-07-30 2012-02-02 Ramprasad Vempati Detecting Rogue Access Points
US8588844B2 (en) 2010-11-04 2013-11-19 Extricom Ltd. MIMO search over multiple access points
US9154487B2 (en) * 2010-11-05 2015-10-06 Telefonaktiebolaget L M Ericsson (Publ) Registration server, gateway apparatus and method for providing a secret value to devices
US8493977B2 (en) * 2010-11-30 2013-07-23 Symbol Technologies, Inc. Detection of an unauthorized access point in a wireless communication network
US8644177B2 (en) 2010-12-16 2014-02-04 Blackberry Limited Methods and apparatus for use in controlling data traffic for a wireless mobile terminal using a wireless access point (AP)
EP2466938B1 (en) * 2010-12-16 2016-10-12 BlackBerry Limited Methods and apparatus for use in controlling data traffic for a wireless mobile terminal using a wireless access point (AP)
KR20120078664A (en) * 2010-12-30 2012-07-10 정현철 Terminal
KR101453521B1 (en) * 2011-05-20 2014-10-24 주식회사 케이티 Wireless access point apparatus and method for detecting unauthorized wireless lan node
CN102843684A (en) * 2011-06-21 2012-12-26 航天信息股份有限公司 Method and system for detecting rogue wireless access point in local area network
US10382285B2 (en) * 2011-08-25 2019-08-13 Siemens Industry, Inc. Smart grid communication assessment and co-simulation tool
US8879471B2 (en) 2011-10-18 2014-11-04 Nokia Corporation Method, apparatus, and computer program product for filtering list in wireless request
US8879992B2 (en) 2011-10-27 2014-11-04 Nokia Corporation Method, apparatus, and computer program product for discovery of wireless networks
US9279878B2 (en) 2012-03-27 2016-03-08 Microsoft Technology Licensing, Llc Locating a mobile device
KR101561113B1 (en) * 2012-06-07 2015-10-16 주식회사 케이티 Method of active scanning and connecting based on configuration information
US20140016511A1 (en) * 2012-07-15 2014-01-16 Jonathan Segev Rapid scanning for fast initial link setup
US20140052508A1 (en) * 2012-08-14 2014-02-20 Santosh Pandey Rogue service advertisement detection
CN103634270B (en) * 2012-08-21 2017-06-16 中国电信股份有限公司 Recognize method, system and the access point authentication server of access point legitimacy
WO2014081427A1 (en) 2012-11-21 2014-05-30 Empire Technology Development Schemes for connecting to wireless network
CN103856957B (en) * 2012-12-04 2018-01-12 航天信息股份有限公司 Counterfeit AP method and apparatus in detection wireless LAN
US9612121B2 (en) 2012-12-06 2017-04-04 Microsoft Technology Licensing, Llc Locating position within enclosure
US9198118B2 (en) * 2012-12-07 2015-11-24 At&T Intellectual Property I, L.P. Rogue wireless access point detection
US9648559B2 (en) * 2013-03-08 2017-05-09 Futurewei Technologies, Inc. Systems and methods for differentiated fast initial link setup
US9467459B2 (en) * 2013-03-15 2016-10-11 Aruba Networks, Inc. System and method for detection of rogue routers in a computing network
CN103139778B (en) * 2013-03-25 2017-02-08 北京奇虎科技有限公司 wireless local area network access system and method
US9178896B2 (en) * 2013-05-09 2015-11-03 Avaya Inc. Rogue AP detection
US20140334336A1 (en) 2013-05-10 2014-11-13 Relay2, Inc. Multi-Tenant Virtual Access Point- Network Resources Virtualization
US10164857B2 (en) * 2013-11-14 2018-12-25 Eric P. Vance System and method for machines to communicate over the internet
US10117258B2 (en) * 2013-11-22 2018-10-30 Beijing Qihoo Technology Comapny Limited Wireless channel redistribution method and apparatus
JPWO2015076345A1 (en) * 2013-11-25 2017-03-16 京セラ株式会社 Communication control method, user terminal, and processor
EP2897418B1 (en) * 2014-01-20 2016-06-01 Alcatel Lucent Advertising storage capabilities accessible via a wireless local area network
JP2017520149A (en) * 2014-05-22 2017-07-20 京セラ株式会社 Unlicensed frequency band with licensed frequency band timing
US9867117B2 (en) 2014-07-25 2018-01-09 Comcast Cable Communications, Llc Network admission control
US10085328B2 (en) 2014-08-11 2018-09-25 RAB Lighting Inc. Wireless lighting control systems and methods
US10039174B2 (en) 2014-08-11 2018-07-31 RAB Lighting Inc. Systems and methods for acknowledging broadcast messages in a wireless lighting control network
US10531545B2 (en) 2014-08-11 2020-01-07 RAB Lighting Inc. Commissioning a configurable user control device for a lighting control system
CN105490990A (en) * 2014-09-18 2016-04-13 台湾新光保全股份有限公司 Method for logging on service network through wireless sensing device
KR102117028B1 (en) 2014-10-07 2020-06-09 삼성전자주식회사 Method and apparatus for pairing in a wireless communication system
WO2016065169A1 (en) * 2014-10-24 2016-04-28 Interdigital Patent Holdings, Inc. Wlan designs for supporting an outdoor propagation channel
CN104410972A (en) * 2014-10-30 2015-03-11 苏州德鲁森自动化系统有限公司 Method for monitoring running state of wireless local area network
CN104349325B (en) * 2014-11-07 2018-09-28 工业和信息化部通信计量中心 Method and device for monitoring pseudo- wireless access point AP
CN104378761A (en) * 2014-12-05 2015-02-25 迈普通信技术股份有限公司 Method, device and system for detecting illegal access devices
US10257215B2 (en) * 2015-05-08 2019-04-09 Panasonic Avionics Corporation Identifying and disabling a rogue access point in a public wireless environment
US20160345345A1 (en) * 2015-05-21 2016-11-24 Qualcomm Incorporated Methods and apparatus for signal timing detection, sharing, and interference avoidance
US9544798B1 (en) * 2015-07-23 2017-01-10 Qualcomm Incorporated Profiling rogue access points
US10462794B2 (en) 2015-07-29 2019-10-29 T-Mobile Usa, Inc. Deferential channel selection of channels in unlicensed spectrum
US9609568B1 (en) * 2015-09-03 2017-03-28 T-Mobile Usa, Inc. Selecting a channel based on backhaul bandwidth
KR20170034066A (en) * 2015-09-18 2017-03-28 삼성전자주식회사 Electronic device and control method thereof
CN105262734A (en) * 2015-09-23 2016-01-20 周超 Secure router having hacker attack prevention function
US9860067B2 (en) 2015-10-29 2018-01-02 At&T Intellectual Property I, L.P. Cryptographically signing an access point device broadcast message
TWI601434B (en) * 2015-11-25 2017-10-01 Senao Networks Inc Wireless base station identification method and device
GB2545697B (en) 2015-12-22 2020-01-08 Airties Kablosuz Iletism Sanayi Ve Disticaret As Dynamic channel selection and DFS re-entry
CN105722090B (en) * 2016-01-29 2020-03-17 宇龙计算机通信科技(深圳)有限公司 Control method and device for automatically identifying pseudo base station
US11275149B2 (en) * 2016-03-18 2022-03-15 Embarcadero Technologies, Inc. Determining a location of an electronic device
US9723588B1 (en) * 2016-03-28 2017-08-01 Google Inc. Determining a location of a wireless transmitter
US10555179B2 (en) * 2016-06-02 2020-02-04 Avago Technologies International Sales Pte. Limited Cellular-wireless local area network (WLAN) coexistence
CN107870318B (en) * 2016-09-27 2021-05-25 冠捷投资有限公司 Proximity detection method
CN106792804B (en) * 2016-12-05 2020-07-28 成都福立盟环保大数据有限公司 Multicast WIFI frame detection mechanism capable of monitoring and responding as required
US10447717B2 (en) * 2017-01-28 2019-10-15 Qualcomm Incorporated Network attack detection using multi-path verification
US10979906B2 (en) 2017-04-11 2021-04-13 Qualcomm Incorporated Detecting media access control (MAC) address spoofing in a wi-fi network using channel correlation
US10764755B2 (en) * 2017-09-07 2020-09-01 802 Secure, Inc. Systems and methods for providing wireless access security by interrogation
US10271236B1 (en) 2017-09-29 2019-04-23 At&T Intellectual Property I, L.P. Collection of crowd-sourced access point data for 5G or other next generation network
US10231134B1 (en) 2017-09-29 2019-03-12 At&T Intellectual Property I, L.P. Network planning based on crowd-sourced access point data for 5G or other next generation network
US10382995B2 (en) 2017-09-29 2019-08-13 At&T Intellectual Property I, L.P. Utilization of crowd-sourced access point data for 5G or other next generation network
US11057773B2 (en) * 2018-11-20 2021-07-06 Cisco Technology, Inc. Systems and methods for detecting access point impersonators
CN109803264B (en) * 2018-12-24 2022-04-29 奇安信科技集团股份有限公司 Method and device for recognizing wireless intrusion
US11012469B2 (en) 2019-01-22 2021-05-18 Cisco Technology, Inc. Detecting and preventing denial of service attacks due to fraudulent BSS color collision events
US11218890B2 (en) * 2019-11-13 2022-01-04 Cisco Technology, Inc. Basic service set color selection
US11418956B2 (en) 2019-11-15 2022-08-16 Panasonic Avionics Corporation Passenger vehicle wireless access point security system
US11765589B2 (en) 2019-11-26 2023-09-19 Cisco Technology, Inc. Aggregation and correlation of rogue broadcast service set identifiers to a physical access point
CN111093156B (en) * 2019-11-29 2020-12-15 中国联合网络通信集团有限公司 Pseudo base station position locating method, device and storage medium
US11463881B2 (en) * 2020-01-27 2022-10-04 Saudi Arabian Oil Company Vehicular integration of enterprise wireless scanning
US11025338B1 (en) * 2020-03-05 2021-06-01 Wipro Limited Method and system for identifying and mitigating interference caused by rogue Li-Fi access point
US11432152B2 (en) * 2020-05-04 2022-08-30 Watchguard Technologies, Inc. Method and apparatus for detecting and handling evil twin access points
RU2761956C1 (en) * 2021-04-12 2021-12-14 Федеральное государственное казенное военное образовательное учреждение высшего образования "Военный учебно-научный центр Военно-воздушных сил "Военно-воздушная академия имени профессора Н.Е. Жуковского и Ю.А. Гагарина" (г. Воронеж) Method for active counteraction to unauthorized access to a cell phone subscriber's information
WO2023036454A1 (en) * 2021-09-08 2023-03-16 Telefonaktiebolaget Lm Ericsson (Publ) Security in relation to a maliciously controlled receiver

Family Cites Families (98)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4254467A (en) * 1979-06-04 1981-03-03 Xerox Corporation Vector to raster processor
US5028848A (en) * 1988-06-27 1991-07-02 Hewlett-Packard Company Tile vector to raster conversion method
JPH0693650B2 (en) 1988-08-05 1994-11-16 日本電信電話株式会社 Moving body position detection method
GB9016277D0 (en) * 1990-07-25 1990-09-12 British Telecomm Location and handover in mobile radio systems
US5396582A (en) * 1991-02-06 1995-03-07 Hewlett-Packard Company Raster to vector conversion system and method therefor
US5327144A (en) * 1993-05-07 1994-07-05 Associated Rt, Inc. Cellular telephone location system
SE500769C2 (en) * 1993-06-21 1994-08-29 Televerket Procedure for locating mobile stations in digital telecommunications networks
JP2833967B2 (en) * 1993-07-23 1998-12-09 日本電気株式会社 Cell phone position detection method
US5570412A (en) * 1994-09-28 1996-10-29 U.S. West Technologies, Inc. System and method for updating a location databank
US5761328A (en) * 1995-05-22 1998-06-02 Solberg Creations, Inc. Computer automated system and method for converting source-documents bearing alphanumeric text relating to survey measurements
US5717406A (en) * 1995-06-07 1998-02-10 Sanconix Inc. Enhanced position calculation
US5732354A (en) * 1995-06-07 1998-03-24 At&T Wireless Services, Inc. Method and apparatus for determining the location of a mobile telephone
WO1997033386A1 (en) 1996-03-05 1997-09-12 Matsushita Electric Industrial Co., Ltd. System for detecting positional information
GB2311697B (en) * 1996-03-22 1999-07-28 Matsushita Electric Ind Co Ltd Wireless communication system and method and system for detection of position of radio mobile station
US6236365B1 (en) * 1996-09-09 2001-05-22 Tracbeam, Llc Location of a mobile station using a plurality of commercial wireless infrastructures
US6249252B1 (en) * 1996-09-09 2001-06-19 Tracbeam Llc Wireless location using multiple location estimators
US6112095A (en) * 1997-01-08 2000-08-29 Us Wireless Corporation Signature matching for location determination in wireless communication systems
EP0967816A4 (en) 1997-03-11 2000-06-14 Locus Corp Field intensity distribution generator
US6167274A (en) * 1997-06-03 2000-12-26 At&T Wireless Svcs. Inc. Method for locating a mobile station
EP1018457B1 (en) 1997-08-20 2001-08-08 Locus Corporation Positioning system and mobile communication device
US6115605A (en) * 1997-08-29 2000-09-05 Ppm, Inc. Communication system and device using dynamic receiver addressing
US6212391B1 (en) * 1997-12-01 2001-04-03 Motorola, Inc. Method for positioning gsm mobile station
US6414634B1 (en) * 1997-12-04 2002-07-02 Lucent Technologies Inc. Detecting the geographical location of wireless units
JPH11205845A (en) 1998-01-14 1999-07-30 Locus:Kk Position specifying system
US6804394B1 (en) * 1998-04-10 2004-10-12 Hsu Shin-Yi System for capturing and using expert's knowledge for image processing
US6226400B1 (en) * 1998-06-24 2001-05-01 Colorcom, Ltd. Defining color borders in a raster image by identifying and breaking contrast ties
US6456892B1 (en) * 1998-07-01 2002-09-24 Sony Electronics, Inc. Data driven interaction for networked control of a DDI target device over a home entertainment network
JP2000044688A (en) * 1998-07-31 2000-02-15 Shin Etsu Chem Co Ltd Acrylic functional organopolysiloxane and radioactive ray-curable composition
US6243811B1 (en) * 1998-07-31 2001-06-05 Lucent Technologies Inc. Method for updating secret shared data in a wireless communication system
US6441777B1 (en) * 1998-08-26 2002-08-27 Mcdonald Keith D. Signal structure and processing technique for providing highly precise position, velocity, time and attitude information with particular application to navigation satellite systems including GPS
US6269246B1 (en) * 1998-09-22 2001-07-31 Ppm, Inc. Location determination using RF fingerprinting
US6272541B1 (en) * 1998-10-08 2001-08-07 International Business Machines Corporation Data processing system and method for determining a physical location of a client computer system coupled to a server via a physical network
US6198935B1 (en) * 1998-11-17 2001-03-06 Ericsson Inc. System and method for time of arrival positioning measurements based upon network characteristics
US6184829B1 (en) * 1999-01-08 2001-02-06 Trueposition, Inc. Calibration for wireless location system
KR100403748B1 (en) * 1999-01-23 2003-11-03 삼성전자주식회사 Method for tracking a location of mobile telephone in mobile telecommunication network
US6799047B1 (en) * 1999-02-25 2004-09-28 Microsoft Corporation Locating and tracking a user in a wireless network through environmentally profiled data
US6850946B1 (en) * 1999-05-26 2005-02-01 Wireless Valley Communications, Inc. Method and system for a building database manipulator
US6317599B1 (en) * 1999-05-26 2001-11-13 Wireless Valley Communications, Inc. Method and system for automated optimization of antenna positioning in 3-D
US6282427B1 (en) * 1999-07-14 2001-08-28 Telefonaktiebolaget L M Ericsson (Publ) Selection of location measurement units for determining the position of a mobile communication station
US6766453B1 (en) * 2000-04-28 2004-07-20 3Com Corporation Authenticated diffie-hellman key agreement protocol where the communicating parties share a secret key with a third party
US6704352B1 (en) * 2000-05-04 2004-03-09 Samsung Electronics Co., Ltd. High accuracy receiver forward and reflected path test injection circuit
US6728782B1 (en) * 2000-05-23 2004-04-27 At&T Corp. Method of verifying newly provisioned customer network route advertisements
US6556942B1 (en) * 2000-09-29 2003-04-29 Ut-Battelle, Llc Short range spread-spectrum radiolocation system and method
KR100364368B1 (en) * 2000-10-18 2002-12-12 엘지전자 주식회사 Private Network Using Bluetooth and Communication Method Using the Network
EP1209934A1 (en) 2000-11-27 2002-05-29 Siemens Aktiengesellschaft Method and apparatus to counter the rogue shell threat by means of local key derivation
FI111901B (en) * 2000-12-29 2003-09-30 Ekahau Oy Estimation of position in wireless communication networks
US6581000B2 (en) * 2001-01-04 2003-06-17 Carnegie Mellon University Position location system and method
US20020102988A1 (en) * 2001-01-26 2002-08-01 International Business Machines Corporation Wireless communication system and method for sorting location related information
US7103365B2 (en) * 2001-02-21 2006-09-05 International Business Machines Corporation System and method for locating an alternate communication mechanism in case of a failure of a wireless communication device
US7259694B2 (en) * 2001-02-26 2007-08-21 International Business Machines Corporation Wireless communication system and method to provide geo-spatial related event data
US7120129B2 (en) * 2001-03-13 2006-10-10 Microsoft Corporation System and method for achieving zero-configuration wireless computing and computing device incorporating same
US20020174335A1 (en) * 2001-03-30 2002-11-21 Junbiao Zhang IP-based AAA scheme for wireless LAN virtual operators
JP4164272B2 (en) * 2001-04-24 2008-10-15 キヤノン株式会社 Image processing apparatus and image processing method
US7529537B2 (en) * 2001-05-14 2009-05-05 International Business Machines Corporation System and method for providing personal and emergency service hailing in wireless network
US7181530B1 (en) 2001-07-27 2007-02-20 Cisco Technology, Inc. Rogue AP detection
JP2005525003A (en) * 2001-09-05 2005-08-18 ニューベリイ ネットワークス,インコーポレーテッド Location detection and location tracking in wireless networks
CN1610837A (en) 2001-09-06 2005-04-27 株式会社洛克斯 Method for detecting location of mobile terminal
FI113731B (en) 2001-09-21 2004-05-31 Locus Portal Corp Localization procedure for mobile networks
FI113730B (en) 2001-10-08 2004-05-31 Locus Portal Corp Location method for cellular networks
JP3792154B2 (en) * 2001-12-26 2006-07-05 インターナショナル・ビジネス・マシーンズ・コーポレーション Network security system, computer apparatus, access point recognition processing method, access point check method, program, and storage medium
US6845241B2 (en) * 2002-01-07 2005-01-18 International Business Machines Corporation Relevance assessment for location information received from multiple sources
CA2414789A1 (en) * 2002-01-09 2003-07-09 Peel Wireless Inc. Wireless networks security system
US7058668B2 (en) * 2002-01-11 2006-06-06 International Business Machines Corporation System for estimating the temporal validity of location reports through pattern analysis
US6754488B1 (en) * 2002-03-01 2004-06-22 Networks Associates Technologies, Inc. System and method for detecting and locating access points in a wireless network
US7218944B2 (en) * 2002-03-21 2007-05-15 International Business Machines Corporation Frequency beacon to broadcast allowed frequency
CA2479166A1 (en) * 2002-03-27 2003-10-09 International Business Machines Corporation Methods apparatus and program products for wireless access points
US6664925B1 (en) * 2002-05-02 2003-12-16 Microsoft Corporation Method and system for determining the location of a mobile computer
WO2003093951A2 (en) * 2002-05-04 2003-11-13 Instant802 Networks Inc. Improved access point and wireless network controller
US7042852B2 (en) * 2002-05-20 2006-05-09 Airdefense, Inc. System and method for wireless LAN dynamic channel change with honeypot trap
US7277404B2 (en) * 2002-05-20 2007-10-02 Airdefense, Inc. System and method for sensing wireless LAN activity
FI113092B (en) * 2002-05-31 2004-02-27 Ekahau Oy Measures of position differences and applications
FI113409B (en) * 2002-05-31 2004-04-15 Ekahau Oy Sequence-based positioning technology
FI113410B (en) * 2002-05-31 2004-04-15 Ekahau Oy Probalistic model for positioning technique
US7965842B2 (en) * 2002-06-28 2011-06-21 Wavelink Corporation System and method for detecting unauthorized wireless access points
US7068999B2 (en) * 2002-08-02 2006-06-27 Symbol Technologies, Inc. System and method for detection of a rogue wireless access point in a wireless communication network
US7316031B2 (en) * 2002-09-06 2008-01-01 Capital One Financial Corporation System and method for remotely monitoring wireless networks
US7408907B2 (en) * 2002-09-11 2008-08-05 Cisco Technology, Inc. System and method for management of a shared frequency band using client-specific management techniques
US7164663B2 (en) * 2002-09-17 2007-01-16 Broadcom Corporation Method and system for providing an intelligent switch in a hybrid wired/wireless local area network
US6957067B1 (en) * 2002-09-24 2005-10-18 Aruba Networks System and method for monitoring and enforcing policy within a wireless network
US7257105B2 (en) * 2002-10-03 2007-08-14 Cisco Technology, Inc. L2 method for a wireless station to locate and associate with a wireless network in communication with a Mobile IP agent
US7522049B2 (en) * 2002-10-18 2009-04-21 Aeroscout, Ltd. Wireless local area network (WLAN) method and system for presence detection and location finding
US6823190B2 (en) * 2002-12-03 2004-11-23 International Business Machines Corporation System and method to anonymously test for proximity of mobile users without revealing individual phase space coordinates
US7392247B2 (en) * 2002-12-06 2008-06-24 International Business Machines Corporation Method and apparatus for fusing context data
US20040203910A1 (en) * 2002-12-31 2004-10-14 International Business Machines Corporation Spatial boundary admission control for wireless networks
US7295119B2 (en) * 2003-01-22 2007-11-13 Wireless Valley Communications, Inc. System and method for indicating the presence or physical location of persons or devices in a site specific representation of a physical environment
US20040151377A1 (en) * 2003-02-04 2004-08-05 Boose Molly L. Apparatus and methods for converting network drawings from raster format to vector format
US7149531B2 (en) * 2003-02-13 2006-12-12 Ekahau Oy Location applications for wireless networks
US7295524B1 (en) * 2003-02-18 2007-11-13 Airwave Wireless, Inc Methods, apparatuses and systems facilitating management of airspace in wireless computer network environments
CA2841289A1 (en) * 2003-02-25 2004-09-10 Thomas Erskine Method and system for providing supervisory control over wireless phone usage
US7853250B2 (en) * 2003-04-03 2010-12-14 Network Security Technologies, Inc. Wireless intrusion detection system and method
US7346338B1 (en) * 2003-04-04 2008-03-18 Airespace, Inc. Wireless network system including integrated rogue access point detection
US20040259555A1 (en) * 2003-04-23 2004-12-23 Rappaport Theodore S. System and method for predicting network performance and position location using multiple table lookups
US20040259554A1 (en) * 2003-04-23 2004-12-23 Rappaport Theodore S. System and method for ray tracing using reception surfaces
US7453840B1 (en) * 2003-06-30 2008-11-18 Cisco Systems, Inc. Containment of rogue systems in wireless network environments
US7257107B2 (en) * 2003-07-15 2007-08-14 Highwall Technologies, Llc Device and method for detecting unauthorized, “rogue” wireless LAN access points
US6990428B1 (en) * 2003-07-28 2006-01-24 Cisco Technology, Inc. Radiolocation using path loss data
US7127258B2 (en) * 2003-11-10 2006-10-24 Symbol Technologies, Inc. WLAN roaming based on location
US7002943B2 (en) * 2003-12-08 2006-02-21 Airtight Networks, Inc. Method and system for monitoring a selected region of an airspace associated with local area networks of computing devices

Also Published As

Publication number Publication date
WO2005018162A1 (en) 2005-02-24
CN1823502A (en) 2006-08-23
EP1652343B1 (en) 2010-03-24
AU2004301015B2 (en) 2009-12-10
US20050171720A1 (en) 2005-08-04
ATE462244T1 (en) 2010-04-15
US7916705B2 (en) 2011-03-29
DE602004026196D1 (en) 2010-05-06
US7286515B2 (en) 2007-10-23
CA2529411A1 (en) 2005-02-24
AU2004301015A1 (en) 2005-02-24
CN1823502B (en) 2012-12-05
US20070286143A1 (en) 2007-12-13
EP1652343A1 (en) 2006-05-03

Similar Documents

Publication Publication Date Title
CA2529411C (en) A method, apparatus, and software product for detecting rogue access points in a wireless network
EP1854005B1 (en) Method and apparatus for locating rogue access point switch ports in a wireless network
US7676216B2 (en) Dynamically measuring and re-classifying access points in a wireless network
US8848669B2 (en) System and method for integrated WiFi/WiMax neighbor AP discovery and AP advertisement
US8000308B2 (en) Containment of rogue systems in wireless network environments
CA2649527C (en) Secure wireless user localization scheme using transmission range variation
US9432848B2 (en) Band steering for multi-band wireless clients
KR100489683B1 (en) Apparatus for controlling the load balance in multi-access points and method thereof
AU2005272052B2 (en) Robust and fast handover in a wireless local area network
EP1763177B1 (en) Method of authenticating access points of a wireless network
JP2017153149A (en) Out-of-band scanning for femto access point detection
EP1851631B1 (en) Dynamically measuring and re-classifying access points in a wireless network
US11765581B2 (en) Bootstrapping fast transition (FT) keys on wireless local area access network nodes based on private wireless wide area access network information

Legal Events

Date Code Title Description
EEER Examination request
MKLA Lapsed

Effective date: 20180420