The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf).
Patent No.:
Date of Patent: Aug. 16, 2011
Filed: Oct. 25, 2006
Alastair Wolman, Seattle, WA (US);
Brian D. Zill, Redmond, WA (US);
Jitendra D. Padhye, Redmond, WA (US);
Ranveer Chandra, Kirkland, WA (US);
Paramvir Bahl, Sammamish, WA (US);
Manpreet Singh, New York, NY (US);
Lenin Ravindranath Sivalingam, Chennai, IN;
Microsoft Corporation, Redmond, WA (US);
Abstract
A method of detecting rogue devices that are coupled to a wired network without generating false negative or false positive alerts is provided. When a wireless monitor detects an observed SSID and/or BSSID, various tests are run to determine whether the observed device is actually coupled to the wired network. To guard against the suspect device spoofing an authorized SSID and/or BSSID, location information is gathered so that the network administrator can pinpoint the location of the rogue device. If the device is not recognized, various other tests are run to determine whether the unrecognized device is actually connected to the wired network. These tests include an association test, a MAC address test, an ARP test, a packet replay test, a correlation test, and/or a DHCP fingerprint test. Once it is determined that the suspect device is a rogue connected to the wired network, an appropriate alert is generated.