CN103067922A - Method and system for preventing illegal access point in wireless local area network - Google Patents
Method and system for preventing illegal access point in wireless local area network Download PDFInfo
- Publication number
- CN103067922A CN103067922A CN201310027099XA CN201310027099A CN103067922A CN 103067922 A CN103067922 A CN 103067922A CN 201310027099X A CN201310027099X A CN 201310027099XA CN 201310027099 A CN201310027099 A CN 201310027099A CN 103067922 A CN103067922 A CN 103067922A
- Authority
- CN
- China
- Prior art keywords
- access point
- sta
- rogue
- monitoring
- monitoring client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 34
- 238000012544 monitoring process Methods 0.000 claims abstract description 126
- 238000001514 detection method Methods 0.000 claims abstract description 51
- 239000000523 sample Substances 0.000 claims description 10
- 230000004044 response Effects 0.000 abstract description 5
- 238000004891 communication Methods 0.000 description 5
- 230000007257 malfunction Effects 0.000 description 5
- 230000008569 process Effects 0.000 description 3
- 238000012360 testing method Methods 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000005242 forging Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000006855 networking Effects 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000012512 characterization method Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000010606 normalization Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses a method and system for preventing an illegal access point in a wireless local area network. The method comprises the following steps that: an access point controller is used for controlling one or more monitoring sides to send a detection message to all access points and informing that legal access points do not make responses after receiving the detection message in advance through a safety channel; and the access point controller is used for determining the illegal access points in all the access points through the responses received by the monitoring sides and controlling the monitoring sides to send an attack message to the illegal access points. The method disclosed by the invention is simple and easy to implement and effectively solves the problem that an MAC (Media Access Control) address of an illegal AP (Access Point) is illegally accessed after being corrected into an MAC address of a legal AP by the illegal AP.
Description
Technical field
The present invention relates to communication technical field, relate in particular to the method and system that a kind of WLAN (wireless local area network) is taken precautions against rogue access point.
Background technology
WLAN (wireless local area network) (WLAN, Wireless Local Area Network) technology is based on 802.11 normalizations that IEEE formulates.In this standard WLAN (wireless local area network) is called Basic Service Set (BSS, Basic Service Set), the equipment that forms BSS is called as website (STA, Station), and defined two kinds of networking models: infrastructure mode (Infrastructure BSS) BSS and stand-alone mode (Independent) BSS.In Infrastructure BSS, an existing interface that is connected to WLAN (wireless local area network) of STA is arranged, the interface that is connected to cable network is also arranged, it is called as access point (AP), other STA will be connected on the AP, communicating by letter between each STA and the cable network, and the communication between each STA all will be passed through the AP transfer.And IBSS is also referred to as ad hoc network, and the status of each STA is equality, does not have AP, and they interconnect, and direct communication.Mostly can adopt infrastructure mode during actual networking.
Because the signal of WLAN is aloft to transmit, so compare cable LAN, it faces more security threat.One of them larger threat is rogue AP.The lawless person just can erect an AP with very low cost (only needing a wireless network card), it is put into the hot spot region, coffee shop for example, and play one and know each other or identical title with legal wireless network name, for example ChinaNet-, CMCC-start, lure that the user connects it into, and false login page is provided, get access to user's account number and password etc.In order to have more duplicity, the lawless person may take the man-in-the-middle attack mode, at his computer two wireless network cards is installed, and one of them is configured to ap mode, and false access service is provided; Another one is configured to the STA pattern, is connected on the legal AP; Two network interface cards carry out bridge joint.So, after STA is connected to rogue AP, can also normally surf the Net, but the message of STA transmitting-receiving all intercepted and captured, the assailant therefrom can analyze a lot of information of user.
Take precautions against rogue AP, at first want to detect the existence of rogue AP.The detection method that generally adopts at present is based on the MAC Address of AP: controller is safeguarded the MAC Address tabulation of a legal AP by the method for static configuration or dynamic learning, and specifies several legal AP periodically to carry out scan operation; Each legal AP is the scanning result of oneself, comprises the information such as MAC Address, channel number of each neighbor AP, reports controller; Controller compares the tabulation of scanning result and legal AP again, if MAC Address that AP arranged just judges that it is rogue AP not in tabulation.
But because wireless network environment is open, so rogue AP fully can be by monitoring beacon frame, get access to the information such as MAC Address of certain legal AP, then the parameter modifications such as MAC Address with oneself become identical with it, and top detection method had just lost efficacy like this.Deal with this situation so need the new method of research.
Summary of the invention
In view of above-mentioned analysis, the present invention aims to provide the method and system that a kind of WLAN (wireless local area network) is taken precautions against rogue access point, can not take precautions against rogue AP in the prior art its MAC Address is revised as the problem that the MAC Address of legal AP illegally accesses in order to solve.
Purpose of the present invention mainly is achieved through the following technical solutions:
A kind of WLAN (wireless local area network) is taken precautions against the method for rogue access point, comprising:
AC controls one or more monitoring clients and sends detection messages to all AP, and described AC informs after legal AP is received this detection messages by escape way in advance and do not reply;
Described AC replys the rogue AP of determining among all AP by what described monitoring client was received, and controls described monitoring client and send attack message to described rogue AP.
Preferably, the described monitoring client of control specifically comprised to the step that described rogue AP sends attack message after described AC determined rogue AP:
After described AC determines rogue AP, the STA address of a plurality of vacations of random configuration, and the STA address of above-mentioned vacation passed to described monitoring client by described escape way, if described rogue AP has been pretended to be the STA address of legal AP, the STA address with above-mentioned vacation passes to the legal AP that described rogue AP is pretended to be by described escape way simultaneously;
Described AC controls the STA that STA address that described monitoring client uses above-mentioned vacation is forged into a plurality of vacations and sends attack message to described rogue AP;
After the legal AP that described rogue AP is pretended to be is received above-mentioned attack message, ignore this attack message.
Preferably, described monitoring client is monitoring STA or the monitoring AP of described AC appointment;
When described monitoring client is monitoring during AP, the described monitoring AP STA that disguises oneself as sends detection messages to all AP, and wherein, the disguise oneself as MAC Address of STA of described monitoring AP is described AC random configuration;
When described monitoring client is monitoring during STA, the MAC Address of described monitoring STA is described AC random configuration.
Preferably, the type of described detection messages comprises: probe requests thereby and/or related request.
Preferably, the type of described attack message comprises: authentication request and/or related request.
The present invention also provides a kind of WLAN (wireless local area network) to take precautions against the system of rogue access point, comprising:
AC, be used for controlling one or more monitoring clients and send detection messages to all AP, and inform after legal AP is received this detection messages by escape way in advance and do not reply, and reply the rogue AP of determining among all AP by what described monitoring client was received, and control described monitoring client and send attack message to described rogue AP;
Described monitoring client is used for sending detection messages according to the indication of described AC to all AP, and described the replying that will receive send to described AC, and also the indication according to described AC sends attack message to described rogue AP.
Preferably, described AC specifically is used for, control one or more monitoring clients and send detection messages to all AP, and inform after all legal AP are received this detection messages by escape way in advance and do not reply, the described rogue AP of replying to determine among all AP of receiving according to described monitoring client, and the STA address of a plurality of vacations of random configuration after determining rogue AP, the STA address of above-mentioned vacation is passed to described monitoring client by described escape way, if described rogue AP has been pretended to be the STA address of legal AP, STA address with above-mentioned vacation passes to the legal AP that described rogue AP is pretended to be by described escape way simultaneously, and controls the STA that STA address that described monitoring client uses above-mentioned vacation is forged into a plurality of vacations and send attack message to described rogue AP;
Described monitoring client specifically is used for, indication according to described AC sends detection messages to all AP, and described the replying that will receive send to described AC, also uses the STA address of a plurality of vacations of described AC random configuration to send attack message to described rogue AP according to the indication of described AC.
Preferably, described monitoring client is monitoring STA or the monitoring AP of described AC appointment;
When described monitoring client is monitoring during AP, the described monitoring AP STA that disguises oneself as sends detection messages to all AP, and wherein, the disguise oneself as MAC Address of STA of described monitoring AP is described AC random configuration;
When described monitoring client is monitoring during STA, the MAC Address of described monitoring STA is described AC random configuration.
Preferably, the type of described detection messages comprises: probe requests thereby and/or related request.
Preferably, the type of described attack message comprises: authentication request and/or related request.
Beneficial effect of the present invention is as follows:
The invention provides a kind of WLAN (wireless local area network) and take precautions against the method and system of rogue access point, send detection messages by access point controller control monitoring client to all AP, legal AP is not replied after receiving this detection messages, and rogue AP is replied after receiving described detection messages, access point controller describedly replys to determine rogue AP according to what the described rogue AP that described monitoring client is received was sent, and control described monitoring client to described rogue AP transmission attack message, make described rogue AP cisco unity malfunction.The method is simple, easily realizes, efficiently solves rogue AP by the method its MAC Address is revised as the problem that the MAC Address of legal AP illegally accesses.
Other features and advantages of the present invention will be set forth in the following description, and becoming apparent from specification of part perhaps understood by implementing the present invention.Purpose of the present invention and other advantages can realize and obtain by specifically noted structure in the specification of writing, claims and accompanying drawing.
Description of drawings
Fig. 1 is that the WLAN (wireless local area network) of the embodiment of the invention 1 is taken precautions against the flow chart of the method for rogue access point;
Fig. 2 is that the legal AP of the embodiment of the invention 1 detects and attack the flow chart of the method for rogue AP;
Fig. 3 is that the STA of the embodiment of the invention 1 detects and attack the flow chart of the method for rogue AP.
Embodiment
Specifically describe the preferred embodiments of the present invention below in conjunction with accompanying drawing, wherein, accompanying drawing consists of the application's part, and is used for explaining together with embodiments of the present invention principle of the present invention.For clear and simplification purpose, when it may make theme of the present invention smudgy, with specifying in detail of known function and structure in the omission device described herein.
Comprise website (STA, Station), access point (AP, Access Point) and access point controller (AC, Access Point Controller) in the method and system of a kind of WLAN (wireless local area network) strick precaution rogue access point provided by the invention.
Embodiment 1
The embodiment of the invention provides a kind of WLAN (wireless local area network) to take precautions against the method for rogue access point, and referring to Fig. 1, the method comprises:
S101, access point controller are controlled one or more monitoring clients and are sent detection messages to all AP, and described AC informs after all legal AP are received this detection messages by escape way in advance and do not need to reply;
Escape way in the embodiment of the invention is between described legal AP and the described AC, and a kind of escape way of setting up between STA and the described AC.Normally be connected by cable network between legal AP and AC, and adopt the CAPWAP agreement (seeing rfc5415) to carry out alternately, this protocol requirement is based on wildcard, or certificate, sets up the encrypted communication channel between AP and AC.And rogue AP generally is not connect upper AC by cable network, even connected, owing to not having wildcard or certificate on the rogue AP, also can't set up encrypted communication channel, so only have escape way is arranged just between legal AP and AC.If described monitoring client is STA, then the message by the wireless channel transmission also needs protection between this STA and legal AP, can allow legal AP and STA set up the wireless security passage by the WPA/WPA2 key agreement.
Described monitoring client in the embodiment of the invention is monitoring STA or the monitoring AP of described AC appointment.
When described monitoring client is monitoring during AP, the described monitoring AP STA that disguises oneself as sends detection messages to all AP, and wherein, the disguise oneself as MAC Address of STA of described monitoring AP is described AC random configuration;
When described monitoring client is monitoring during STA, the MAC Address of described monitoring STA is described AC random configuration.
Detection messages in the embodiment of the invention comprises: sense cycle, probe requests thereby and/or related request, and the channel that needs scanning.
S102, rogue AP are replied after receiving described detection messages;
Because rogue AP does not know that this is a detection messages, so can reply this detection messages.
S103, described AC describedly reply to determine which AP is rogue AP according to what the described rogue AP that described monitoring client is received was sent;
S104, described AC control described monitoring client and send attack message to described rogue AP after determining rogue AP, make described rogue AP cisco unity malfunction.
Wherein, described attack message comprises: the MAC Address of described rogue AP, probe requests thereby and/or related request, and the length of attack time.
This step specifically comprises:
After described AC determines rogue AP, the STA address of a plurality of vacations of random configuration, and the STA address of above-mentioned vacation passed to described monitoring client by described escape way, if described rogue access point has been pretended to be the STA address of legal access point, the STA address with above-mentioned vacation passes to the legal access point that described rogue access point is pretended to be by described escape way simultaneously;
Described AC controls the STA that STA address that described monitoring client uses above-mentioned vacation is forged into a plurality of vacations and sends attack message to described rogue AP, makes described rogue AP cisco unity malfunction;
And after the legal AP that described rogue AP is pretended to be receives above-mentioned attack message, ignore this attack message, so the impact that it can message under attack.
As shown in Figure 2, the embodiment of the invention also provides a kind of legal AP to carry out the method that detects and attack rogue AP, and the method specifically comprises:
When enabling the function of taking precautions against rogue AP, at first select several legal AP as monitoring AP on the AC, the coverage of these monitoring AP is added up and be wanted to contain whole wireless network.
Be simplified characterization, supposition has 3 legal AP in the following example, AP1 ~ AP3, and the selected AP1 of AC is as monitoring AP.Suppose that AP4 is rogue AP, and it has been arranged to the MAC Address of oneself identical with AP2.
S201, several false STA addresses of AC random configuration by escape way, pass to all legal AP.
S202, AC assign the order that begins to detect to AP1, require it to begin to detect the process of rogue AP.Described sense command comprises: the type of sense cycle, detection messages (probe requests thereby and/or related request etc.), and the channel that needs scanning;
S203, AP1 as requested, periodically constructing source address is the detection messages of certain false STA address, take to broadcast or the form of clean culture send (if probe requests thereby, can be with broadcasting; If related request can only be used clean culture).AP2 and AP3 have known that this is a false STA, can not reply.And AP4 does not know, has sent to reply, and oneself has been exposed.
If S204 AP1 has received reply, just report AC.
S205, in order to reduce erroneous judgement, AC is upper to do further affirmation.
For example, if the source address of response message is the address of certain legal AP, AC can pass through escape way, requires this legal AP to confirm, whether really sends response message.In addition, AC is upper can to configure certain rule, ignores some and replys.For example, if the wireless network name that comprises in the response message is not this operator, just neglect.
After AC confirms to have detected rogue AP, can carry out following step, launch a offensive to rogue AP, be connected on the rogue AP to stop STA.
S206, a lot of false STA addresses of AC random configuration pass to monitoring AP with these addresses by escape way, are AP1 here.If it is identical with certain legal AP that rogue AP has been arranged to the address of oneself, then AC also will pass to counterfeiting legal AP with the STA address of vacation, is AP2 here.
S207, AC assign the order of launching a offensive to AP1, require it to launch a offensive to rogue AP.Comprise the parameters such as the MAC Address of rogue AP, the type of attack message (authentication request and/or related request etc.), attack time length in the described strike order.
S208, AP1 begin to rogue AP, and namely AP4 launches a offensive, and are forged into a lot of STA, send attack message to rogue AP.The upper STA number that allows to connect of general AP is limited, and when the resource on the AP4 was all taken by false STA, normal STA be not even gone up it, and this is our result of wanting just.
S209, because AP4 is arranged to identical with AP2 with the address of oneself, so also can receive attack message on the AP2.Because AC has informed AP2 with the address of false STA, so the wireless driving on the AP2 can be directly with these packet loss, the impact that it is subject to is very little.
As shown in Figure 3, the embodiment of the invention also provides a kind of STA to carry out the method that detects and attack rogue AP, and the method specifically comprises:
The present invention disposes several monitoring STA in the coverage of WLAN (wireless local area network), carry out the work that detects and stop rogue AP by them.By adopting monitoring STA can reduce the impact that legal AP is worked.
S301, monitoring STA use certain legal AP in the association of real address, and by modes such as WPA/WPA2 key agreements, escape way between foundation and legal AP;
That S302, AC judgement is reached the standard grade is a monitoring STA, and STA issues an order to monitoring, wherein comprises the STA address of wanting vacation, and AC is handed down to each legal AP by escape way with the STA address of forging simultaneously;
S303, AC assign the order of detection messages to monitoring STA, require it to begin testing process, comprise in the described sense command: the type of sense cycle, detection messages (probe requests thereby and/or related request etc.), and the channel that needs scanning;
S304, monitoring STA are revised as the address of oneself address of certain forgery as requested, send detection messages.Because legal AP has known that this is the address of forging, and can not reply; And rogue AP is not known, can reply, and just oneself has been exposed;
After S305, testing process finished, monitoring STA changeed back real address with the address of oneself, and related upper legal AP reports AC with testing result again;
S306, in order to reduce erroneous judgement, AC is upper can to send message to the legal AP of rogue AP personation, does further to confirm;
After S307, the affirmation rogue AP, a lot of false STA addresses of AC random configuration pass to monitoring STA and counterfeiting legal AP with these addresses by escape way, are AP2 here;
S308, AC assign the beginning strike order to monitoring STA, require it to launch a offensive to rogue AP.Comprise in the described strike order: the MAC Address of described rogue AP, the type of attack message (authentication request and/or related request etc.), and the length of attack time;
S309, monitoring STA begin to rogue AP, and namely AP4 launches a offensive.It uses false address, sends attack message to AP4;
The upper STA number that allows to connect of general AP is limited, and when the resource on the AP4 was all taken by false STA, other normal STA be not even gone up it, thereby made the rogue AP cisco unity malfunction.
S310, because AP4 is arranged to identical with AP2 with the address of oneself, so also can receive attack message on the AP2.Because AC has informed AP2 with the address of false STA, so the wireless driving on the AP2 can be directly with these packet loss, the impact that it is subject to is very little.
Embodiment 2
The embodiment of the invention provides a kind of WLAN (wireless local area network) to take precautions against the system of rogue access point, and this system comprises:
Access point controller, be used for controlling one or more monitoring clients and send detection messages to all access points, and inform after all legal access points are received this detection messages by escape way in advance and do not reply, the described rogue access point of replying to determine in all access points of receiving according to described monitoring client, and the STA address of a plurality of vacations of random configuration after determining rogue access point, the STA address of above-mentioned vacation is passed to described monitoring client by described escape way, if described rogue access point has been pretended to be the STA address of legal access point, STA address with above-mentioned vacation passes to the legal access point that described rogue access point is pretended to be by described escape way simultaneously, and controls the STA that STA address that described monitoring client uses above-mentioned vacation is forged into a plurality of vacations and send attack message to described rogue access point;
Monitoring client, be used for sending detection messages according to the indication of described access point controller to all access points, and described the replying that will receive send to described access point controller, also uses the STA address of a plurality of vacations of described access point controller random configuration to send attack message to described rogue access point according to the indication of described access point controller.
Described monitoring client in the embodiment of the invention is monitoring STA or the monitoring AP of described AC appointment.
Wherein, when described monitoring client is monitoring during AP, the described monitoring AP STA that disguises oneself as sends detection messages to all AP, and wherein, the disguise oneself as MAC Address of STA of described monitoring AP is described AC random configuration;
When described monitoring client is monitoring during STA, the MAC Address of described monitoring STA is described AC random configuration.
Described detection messages in the embodiment of the invention comprises: sense cycle, probe requests thereby and/or related request, and the channel that needs scanning.
Described attack message in the embodiment of the invention comprises: the MAC Address of described rogue AP, authentication request and/or related request, and the length of attack time.
In sum, the embodiment of the invention provides a kind of WLAN (wireless local area network) to take precautions against the method and system of rogue access point, send detection messages by access point controller control monitoring client to all AP, legal AP is not replied after receiving this detection messages, and rogue AP is replied after receiving described detection messages, access point controller describedly replys to determine which AP is rogue AP according to what the described rogue AP that described monitoring client is received was sent, and after determining rogue AP, control described monitoring client and send attack message to described rogue AP, make described rogue AP cisco unity malfunction.The method is simple, easily realizes, efficiently solves rogue AP by the method its MAC Address is revised as the problem that the MAC Address of legal AP illegally accesses.
The above; only for the better embodiment of the present invention, but protection scope of the present invention is not limited to this, anyly is familiar with those skilled in the art in the technical scope that the present invention discloses; the variation that can expect easily or replacement all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of claims.
Claims (10)
1. the method for a WLAN (wireless local area network) strick precaution rogue access point is characterized in that, comprising:
Access point controller is controlled one or more monitoring clients and is sent detection messages to all access points, and described access point controller is informed after legal access point is received this detection messages by escape way in advance and do not replied;
Described access point controller is replied the rogue access point of determining in all access points by what described monitoring client was received, and controls described monitoring client and send attack message to described rogue access point.
2. method according to claim 1 is characterized in that, the described monitoring client of control specifically comprised to the step that described rogue access point sends attack message after described access point controller was determined rogue access point:
After described access point controller is determined rogue access point, the STA address of a plurality of vacations of random configuration, and the STA address of above-mentioned vacation passed to described monitoring client by described escape way, if described rogue access point has been pretended to be the STA address of legal access point, the STA address with above-mentioned vacation passes to the legal access point that described rogue access point is pretended to be by described escape way simultaneously;
Described access point controller is controlled the STA that STA address that described monitoring client uses above-mentioned vacation is forged into a plurality of vacations and is sent attack message to described rogue access point;
After the legal access point that described rogue access point is pretended to be is received above-mentioned attack message, ignore this attack message.
3. method according to claim 1 and 2 is characterized in that, described monitoring client is monitoring STA or the monitoring access point of described access point controller appointment;
When described monitoring client is monitoring during access point, the described monitoring access point STA that disguises oneself as sends detection messages to all access points, and wherein, the disguise oneself as MAC Address of STA of described monitoring access point is described access point controller random configuration;
When described monitoring client is monitoring during STA, the MAC Address of described monitoring STA is described access point controller random configuration.
4. method according to claim 1 and 2 is characterized in that, the type of described detection messages comprises: probe requests thereby and/or related request.
5. method according to claim 1 and 2 is characterized in that, the type of described attack message comprises: authentication request and/or related request.
6. the system of a WLAN (wireless local area network) strick precaution rogue access point is characterized in that, comprising:
Access point controller, be used for controlling one or more monitoring clients and send detection messages to all access points, and inform after legal access point is received this detection messages by escape way in advance and do not reply, and reply the rogue access point of determining in all access points by what described monitoring client was received, and control described monitoring client and send attack message to described rogue access point;
Described monitoring client, be used for sending detection messages according to the indication of described access point controller to all access points, and described the replying that will receive send to described access point controller, and also the indication according to described access point controller sends attack message to described rogue access point.
7. system according to claim 6 is characterized in that,
Described access point controller specifically is used for, control one or more monitoring clients and send detection messages to all access points, and inform after all legal access points are received this detection messages by escape way in advance and do not reply, the described rogue access point of replying to determine in all access points of receiving according to described monitoring client, and the STA address of a plurality of vacations of random configuration after determining rogue access point, the STA address of above-mentioned vacation is passed to described monitoring client by described escape way, if described rogue access point has been pretended to be the STA address of legal access point, STA address with above-mentioned vacation passes to the legal access point that described rogue access point is pretended to be by described escape way simultaneously, and controls the STA that STA address that described monitoring client uses above-mentioned vacation is forged into a plurality of vacations and send attack message to described rogue access point;
Described monitoring client specifically is used for, indication according to described access point controller sends detection messages to all access points, and described the replying that will receive send to described access point controller, also uses the STA address of a plurality of vacations of described access point controller random configuration to send attack message to described rogue access point according to the indication of described access point controller.
8. according to claim 6 or 7 described systems, it is characterized in that, described monitoring client is monitoring STA or the monitoring access point of described access point controller appointment;
When described monitoring client is monitoring during access point, the described monitoring access point STA that disguises oneself as sends detection messages to all access points, and wherein, the disguise oneself as MAC Address of STA of described monitoring access point is described access point controller random configuration;
When described monitoring client is monitoring during STA, the MAC Address of described monitoring STA is described access point controller random configuration.
9. according to claim 6 or 7 described systems, it is characterized in that, the type of described detection messages comprises probe requests thereby and/or related request.
10. according to claim 6 or 7 described systems, it is characterized in that, the type of described attack message comprises: authentication request and/or related request.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310027099XA CN103067922A (en) | 2013-01-24 | 2013-01-24 | Method and system for preventing illegal access point in wireless local area network |
| PCT/CN2013/083675 WO2014114099A1 (en) | 2013-01-24 | 2013-09-17 | Method and system for preventing rogue access points in wireless local area network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310027099XA CN103067922A (en) | 2013-01-24 | 2013-01-24 | Method and system for preventing illegal access point in wireless local area network |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103067922A true CN103067922A (en) | 2013-04-24 |
Family
ID=48110348
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310027099XA Pending CN103067922A (en) | 2013-01-24 | 2013-01-24 | Method and system for preventing illegal access point in wireless local area network |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN103067922A (en) |
| WO (1) | WO2014114099A1 (en) |
Cited By (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103391546A (en) * | 2013-07-12 | 2013-11-13 | 杭州华三通信技术有限公司 | Wireless attack detection and defense device and method thereof |
| CN103561405A (en) * | 2013-10-23 | 2014-02-05 | 杭州华三通信技术有限公司 | Method and device for countering Rogue AP |
| WO2014114099A1 (en) * | 2013-01-24 | 2014-07-31 | 中兴通讯股份有限公司 | Method and system for preventing rogue access points in wireless local area network |
| CN104253817A (en) * | 2014-09-25 | 2014-12-31 | 大连梯耐德网络技术有限公司 | A FPGA-based network behavior attack method and device |
| CN104270366A (en) * | 2014-09-30 | 2015-01-07 | 北京金山安全软件有限公司 | Method and device for detecting karma attack |
| CN104703181A (en) * | 2013-12-09 | 2015-06-10 | 重庆重邮信科通信技术有限公司 | Access node authentication method and terminal |
| CN105162768A (en) * | 2015-07-31 | 2015-12-16 | 腾讯科技(深圳)有限公司 | Method and device for detecting phishing Wi-Fi hotspots |
| CN105208562A (en) * | 2015-08-26 | 2015-12-30 | 盾宇(上海)信息科技有限公司 | Active base station fraud prevention method based on client computer and system thereof |
| CN105262734A (en) * | 2015-09-23 | 2016-01-20 | 周超 | Secure router having hacker attack prevention function |
| CN105657706A (en) * | 2015-10-30 | 2016-06-08 | 东莞酷派软件技术有限公司 | An access method, related equipment and access device |
| CN106102068A (en) * | 2016-08-23 | 2016-11-09 | 大连网月科技股份有限公司 | A kind of illegal wireless access point detection and attack method and device |
| CN106131845A (en) * | 2016-08-23 | 2016-11-16 | 大连网月科技股份有限公司 | A kind of illegal wireless access-point attacks method and device |
| CN106165506A (en) * | 2013-07-19 | 2016-11-23 | 英特尔公司 | Identification of Rogue Access Points |
| CN106211161A (en) * | 2016-06-23 | 2016-12-07 | 杭州华三通信技术有限公司 | A kind of equipment counter method and device |
| CN106454843A (en) * | 2016-11-14 | 2017-02-22 | 上海斐讯数据通信技术有限公司 | Illegal AP (Access Point) suppression method and system in wireless local area network, and wireless AP |
| CN106899538A (en) * | 2015-12-17 | 2017-06-27 | 中国电信股份有限公司 | The access point method of inspection and system and credible access point, Cloud Server |
| CN108235322A (en) * | 2017-12-28 | 2018-06-29 | 新华三技术有限公司 | A kind of counter method and device of wireless device |
| CN116266911A (en) * | 2021-12-16 | 2023-06-20 | 迈普通信技术股份有限公司 | An illegal wireless access point countermeasure device, system and method |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2018182915A1 (en) * | 2017-03-29 | 2018-10-04 | The Johns Hopkins University | SYSTEM AND METHOD FOR SMALL UNMANNED AERIAL SYSTEMS (sUAS) DEFENSE |
| CN108768671A (en) * | 2018-06-28 | 2018-11-06 | 新华三技术有限公司 | access point control method and device |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1679264A (en) * | 2002-08-12 | 2005-10-05 | 哈里公司 | Wireless local on metropolitan area network with intrusion detection features and related methods |
| WO2006073642A2 (en) * | 2005-01-05 | 2006-07-13 | Cisco Technology, Inc. | Network infrastructure validation of network management frames |
| CN1996893A (en) * | 2006-12-25 | 2007-07-11 | 杭州华为三康技术有限公司 | Method, device and system for monitoring illegal access point in the wireless LAN |
| US7760710B2 (en) * | 2001-07-27 | 2010-07-20 | Cisco Technology, Inc. | Rogue access point detection |
| CN102014378A (en) * | 2010-11-29 | 2011-04-13 | 北京星网锐捷网络技术有限公司 | Method and system for detecting rogue access point device and access point device |
| CN102227114A (en) * | 2010-07-23 | 2011-10-26 | 卡巴斯基实验室封闭式股份公司 | System and method for detecting junk mail robot by detection data transmission |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103067922A (en) * | 2013-01-24 | 2013-04-24 | 中兴通讯股份有限公司 | Method and system for preventing illegal access point in wireless local area network |
-
2013
- 2013-01-24 CN CN201310027099XA patent/CN103067922A/en active Pending
- 2013-09-17 WO PCT/CN2013/083675 patent/WO2014114099A1/en active Application Filing
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7760710B2 (en) * | 2001-07-27 | 2010-07-20 | Cisco Technology, Inc. | Rogue access point detection |
| CN1679264A (en) * | 2002-08-12 | 2005-10-05 | 哈里公司 | Wireless local on metropolitan area network with intrusion detection features and related methods |
| WO2006073642A2 (en) * | 2005-01-05 | 2006-07-13 | Cisco Technology, Inc. | Network infrastructure validation of network management frames |
| CN1996893A (en) * | 2006-12-25 | 2007-07-11 | 杭州华为三康技术有限公司 | Method, device and system for monitoring illegal access point in the wireless LAN |
| CN102227114A (en) * | 2010-07-23 | 2011-10-26 | 卡巴斯基实验室封闭式股份公司 | System and method for detecting junk mail robot by detection data transmission |
| CN102014378A (en) * | 2010-11-29 | 2011-04-13 | 北京星网锐捷网络技术有限公司 | Method and system for detecting rogue access point device and access point device |
Cited By (24)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2014114099A1 (en) * | 2013-01-24 | 2014-07-31 | 中兴通讯股份有限公司 | Method and system for preventing rogue access points in wireless local area network |
| CN103391546A (en) * | 2013-07-12 | 2013-11-13 | 杭州华三通信技术有限公司 | Wireless attack detection and defense device and method thereof |
| CN103391546B (en) * | 2013-07-12 | 2017-03-15 | 杭州华三通信技术有限公司 | A kind of wireless attack detection and defence installation and its method |
| CN106165506A (en) * | 2013-07-19 | 2016-11-23 | 英特尔公司 | Identification of Rogue Access Points |
| CN106165506B (en) * | 2013-07-19 | 2020-11-10 | 英特尔公司 | Computing device, method and storage medium for identifying rogue access points |
| CN103561405A (en) * | 2013-10-23 | 2014-02-05 | 杭州华三通信技术有限公司 | Method and device for countering Rogue AP |
| CN104703181A (en) * | 2013-12-09 | 2015-06-10 | 重庆重邮信科通信技术有限公司 | Access node authentication method and terminal |
| CN104253817A (en) * | 2014-09-25 | 2014-12-31 | 大连梯耐德网络技术有限公司 | A FPGA-based network behavior attack method and device |
| CN104270366A (en) * | 2014-09-30 | 2015-01-07 | 北京金山安全软件有限公司 | Method and device for detecting karma attack |
| CN104270366B (en) * | 2014-09-30 | 2017-09-29 | 北京金山安全软件有限公司 | method and device for detecting karma attack |
| CN105162768A (en) * | 2015-07-31 | 2015-12-16 | 腾讯科技(深圳)有限公司 | Method and device for detecting phishing Wi-Fi hotspots |
| CN105208562A (en) * | 2015-08-26 | 2015-12-30 | 盾宇(上海)信息科技有限公司 | Active base station fraud prevention method based on client computer and system thereof |
| CN105262734A (en) * | 2015-09-23 | 2016-01-20 | 周超 | Secure router having hacker attack prevention function |
| CN105657706A (en) * | 2015-10-30 | 2016-06-08 | 东莞酷派软件技术有限公司 | An access method, related equipment and access device |
| CN106899538A (en) * | 2015-12-17 | 2017-06-27 | 中国电信股份有限公司 | The access point method of inspection and system and credible access point, Cloud Server |
| CN106211161A (en) * | 2016-06-23 | 2016-12-07 | 杭州华三通信技术有限公司 | A kind of equipment counter method and device |
| CN106211161B (en) * | 2016-06-23 | 2021-04-02 | 新华三技术有限公司 | Equipment countercheck method and device |
| CN106102068A (en) * | 2016-08-23 | 2016-11-09 | 大连网月科技股份有限公司 | A kind of illegal wireless access point detection and attack method and device |
| CN106131845A (en) * | 2016-08-23 | 2016-11-16 | 大连网月科技股份有限公司 | A kind of illegal wireless access-point attacks method and device |
| CN106454843A (en) * | 2016-11-14 | 2017-02-22 | 上海斐讯数据通信技术有限公司 | Illegal AP (Access Point) suppression method and system in wireless local area network, and wireless AP |
| CN106454843B (en) * | 2016-11-14 | 2020-12-22 | 金华市智甄通信设备有限公司 | Method and system for inhibiting illegal AP in wireless local area network, and wireless AP |
| CN108235322A (en) * | 2017-12-28 | 2018-06-29 | 新华三技术有限公司 | A kind of counter method and device of wireless device |
| CN108235322B (en) * | 2017-12-28 | 2021-06-29 | 新华三技术有限公司 | Reverse control method and device for wireless equipment |
| CN116266911A (en) * | 2021-12-16 | 2023-06-20 | 迈普通信技术股份有限公司 | An illegal wireless access point countermeasure device, system and method |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2014114099A1 (en) | 2014-07-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103067922A (en) | Method and system for preventing illegal access point in wireless local area network | |
| CN100544279C (en) | Method, device and system for monitoring illegal access points in wireless local area network | |
| CN105788047B (en) | A kind of control of bluetooth access equipment, control of bluetooth access management system and method | |
| WO2011041171A4 (en) | Methods and apparatus for solicited activation for protected wireless networking | |
| US7412237B2 (en) | Information processing apparatus and information processing method | |
| CN102857916B (en) | The method and system that a kind of mobile terminal detects and manages | |
| CN104270758B (en) | The method for connecting and authorizing is established by WIFI and server security | |
| CN105681272B (en) | The detection of mobile terminal fishing WiFi a kind of and resist method | |
| US9154950B2 (en) | Network access method, apparatus and system | |
| CN104302015A (en) | Adaptive WI-FI network connection method and system with hidden SSID | |
| KR101169659B1 (en) | Apparatus and method for servicing authentication by using portable device and authentication service system thereof, recordable medium which program for executing method is recorded | |
| CN104349325B (en) | Method and device for monitoring pseudo- wireless access point AP | |
| CN102075934A (en) | AP (Access Point) monitor and method and system for monitoring illegal APs | |
| EP3547759B1 (en) | Method, access point and wireless local area network system for establishing a wireless local area network connection between an access point and a station | |
| CN104580152A (en) | Protection method and system against wifi (wireless fidelity) phishing | |
| RU2010109858A (en) | ACCESS MANAGEMENT FOR A SELF-ORGANIZING BASIC STATION WITH A SMALL COVERAGE AREA | |
| Vanhoef et al. | Operating channel validation: Preventing multi-channel man-in-the-middle attacks against protected Wi-Fi networks | |
| EP2826304B1 (en) | Method and system for preventing the propagation of ad -hoc networks | |
| CN102438238A (en) | Method for detecting illegal AP in centralized WLAN environment | |
| EP1589703B1 (en) | System and method for accessing a wireless network | |
| WO2017128546A1 (en) | Method and apparatus for securely accessing wifi network | |
| CN102883301B (en) | Force method, device and the access controller of client roaming | |
| CN102938886A (en) | Method for preventing wireless network from being detected | |
| CN100502300C (en) | A method for detecting illegal wireless access points in a wireless local area network | |
| CN101848463A (en) | Method for protecting access of legal user based on wireless access point |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20130424 |
|
| RJ01 | Rejection of invention patent application after publication |