
Method for Detecting Rogue Wireless Access Points on a Network and Restricting the Action of the Respective Clients

IP.com Disclosure Number: IPCOM000131849D
Publication Date: 2005-Nov-21
Document File: 2 page(s) / 14K

Publishing Venue

The IP.com Prior Art Database

Abstract

There are many security holes in the 802.11 world. One of them is rogue access points (APs), where users put up SSIDs that try to emulate a "real" network and attempt to capture the credentials of clients attempting to connect to those real networks.

This text was extracted from a Microsoft Word document.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 96% of the total text.

ROGUE ACCESS POINT DETECTION AND RESTRICTION                  


Disclosed Anonymously

There are many security holes in the 802.11 world. One of them is rogue access points (APs), where users put up SSIDs that try to emulate a "real" network and attempt to capture the credentials of clients attempting to connect to those real networks.

The proposed solution is a method for detecting these rogues and then taking action based on the results.

Rogue APs are easier to detect by leveraging the existing infrastructure of existing mobile data networks. The proposed solution uses an IT policy that contains a list of known "real" BSSIDs that clients are allowed to connect to. Each time a client roams from one access point to another, this list is checked before the roam is allowed to occur. Unknown BSSIDs can be ignored and reported to someone with knowledge of "good" APs. While other solutions exist to detect rogue APs, here an alert is generated for the IT administrator and the clients also take action (or refrain from action, i.e. not associating with the rogue).
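The roam-time check described above, as an added example that is not part of the original disclosure: a client-side policy object that permits a roam only to a listed BSSID and queues one alert per unknown AP for the administrator. The names `RoamPolicy`, `may_roam` and `evaluate`, the per-SSID layout of the list, and the sample data are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

def normalize_bssid(raw):
    """Canonicalize a BSSID written with any common separator or case."""
    digits = re.sub(r"[:.\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"malformed BSSID: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

@dataclass
class RoamPolicy:
    allowed: dict                                  # SSID -> known "real" BSSIDs
    alerts: list = field(default_factory=list)     # reports for the IT administrator
    _seen: set = field(default_factory=set)        # suppresses duplicate reports

    def __post_init__(self):
        self.allowed = {ssid: {normalize_bssid(b) for b in bssids}
                        for ssid, bssids in self.allowed.items()}

    def may_roam(self, ssid, bssid):
        """Run before each roam; True only if the BSSID is on the policy list."""
        try:
            bssid = normalize_bssid(bssid)
        except ValueError:
            return self._deny(ssid, bssid, "malformed BSSID")
        if bssid in self.allowed.get(ssid, set()):
            return True
        # A policy SSID on an unlisted BSSID is the emulation case from the text.
        reason = "emulates policy SSID" if ssid in self.allowed else "unknown BSSID"
        return self._deny(ssid, bssid, reason)

    def _deny(self, ssid, bssid, reason):
        if (ssid, bssid) not in self._seen:        # one alert per rogue, not per scan
            self._seen.add((ssid, bssid))
            self.alerts.append({"ssid": ssid, "bssid": bssid, "reason": reason})
        return False

# Constructed sample policy and scan results (not real network data).
POLICY = {"CorpNet": ["00:11:22:33:44:55", "00-11-22-33-44-66"]}
SCAN = [("CorpNet", "0011.2233.4466"),      # listed AP, dotted notation
        ("CorpNet", "02:AA:BB:CC:DD:EE"),   # same SSID, unlisted BSSID
        ("CorpNet", "02:aa:bb:cc:dd:ee"),   # same rogue seen again
        ("CafeWiFi", "02:00:00:00:00:01")]  # unrelated unknown AP

def evaluate(policy_data, scan):
    """Return the per-candidate roam decisions and the queued alerts."""
    policy = RoamPolicy(policy_data)
    decisions = [policy.may_roam(ssid, bssid) for ssid, bssid in scan]
    return decisions, policy.alerts
```

Calling `evaluate(POLICY, SCAN)` allows only the first candidate and yields two alerts, since the repeated sighting of the same unlisted BSSID is reported once.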

This method leverages a centralized infrastructure with advance knowledge of known "good" APs.  It is different because there is an action that follows detection of the rogue.  There is a decision to associate to certain APs occurring at the device level and any rogu...